As it is currently being invaded by Russia, Ukraine is undergoing a large-scale cyberattack. The HermeticWiper malware infects hundreds of PCs across the country. As its name suggests, it is a wiper, a malicious program whose role is to delete all the data stored on a machine.
The whole of Europe today holds its breath as it watches with concern the situation in Ukraine. This Thursday, February 24, Russia started a “military operation” in its neighboring country. The latter is already having global repercussions. Following Vladimir Putin’s declaration of war, the price of Bitcoin and cryptocurrencies plummeted. A few hours later, cybersecurity research institute ESET said on Twitter that it had discovered a new malware currently operating in Ukraine.
According to the organization, hundreds of machines are already infected. A discovery that “Follows DDOS attacks against several Ukrainian websites earlier today”. The malware in question, called HermeticWiper, has a very specific role. As its name suggests, it is part of the family of wipers. The latter are malicious programs capable of erasing all the data from the PC on which they are installed. However, this is not the first time that Ukraine has been the target of this type of malware.
NotPetya, the wiper who has already hurt Ukraine
In 2017, the Petya ransomware received a very aggressive update. Nicknamed NotPetya, this new version is no longer only intended to encrypt the data of a machine in the hope of receiving a ransom from its owner. It is a wiper which, once installed, deletes said data without warning. NotPetya will claim many victims.
Related: Facebook Ends Russian Disinformation Campaign Against Pfizer and AstraZeneca
In total, it is estimated that almost a third of the country’s computer systems were affected. Among the latter, companies and professionals were particularly targeted, since they represent 70 to 70% of the victims. Public services constitute the rest of the victims, with 15-20% of systems infected. Only a few years after the indexation of Crimea by the Russian army, the historic adversary of Ukraine is the first suspect in this affair.
Is Russia behind the cyberattack in Ukraine?
It must be said that Russia has a serious reputation when it comes to cyberattacks. In 2021, Russian hackers alone pocketed 74% of ransomware revenue. Moreover, ESET specifies in its press release that HermeticWiper has been in the works for about two months, which corresponds to the beginning of the escalation of tensions between Ukraine and Russia. The malware is particularly advanced. In addition to its removal capabilities, it can also restart the infected PC and go unnoticed by antivirus.
Of course, Russia has not confirmed that it is responsible for the cyberattack currently affecting its adversary. But given the situation, it would be in her best interest to be. Indeed, this attack could be aimed at undermine the morale of Ukrainians and institutions, while setting the stage for the ongoing invasion. It should also be noted that several institutional sites, including those of defense and foreign affairs, were inaccessible several hours before the military operation following thea DDOS attack.
In France, the National Information Systems Security Agency (Anssi), in charge of maintaining the cybersecurity of key authorities for France, has not yet communicated on the subject, suggesting that the risk of an attack on our territory is currently not conceivable. However, in a press release published today, the organization specifies that the situation is not to be taken lightly.