As with all aspects of modern life, everything is a target for cybercriminals, even war. And this has been demonstrated with wiper malware attacking Ukraine.
Amidst its conflict with Russian, Ukraine has also had to contend with hundreds of its computers falling victim to a strain of data wiper malware. As the name suggests, wiper malware is used to wipe hard drives clean of any data. While this sounds like ransomware, and indeed wiper malware often promises the return of data for a fee, the chances of retrieving this data from the hackers is zero. It’s a powerful and destructive cyber-attack, one which has the potential to cause significant damage not just to security, but also IT infrastructures.
It’s an attack method which could strike anywhere at any time, you don’t have to be in Ukraine. Therefore, it’s crucial that we understand how wiper malware works. And, more importantly, how to protect your data.
The Cyber-Attack on Ukraine
The wiper malware in this opportunistic attack, which comes at a time of intense internal chaos, has been identified as HermeticWiper. It followed on from an earlier attack which had targeted Ukraine’s banks through a number of co-ordinated DDoS attacks. It came several hours before Russia launched its invasion campaign but, as yet, nobody has been identified as being behind the attack. What is known is that it’s a new strain of malware which, according to its date stamp, was created towards the end of 2021. Clearly, this attack had been in the works for some time.
Once downloaded onto a PC, HermeticWiper sets about wiping all the data from its hard drive. It achieves this objective by taking advantage of existing disc and storage management software. With this software compromised, HermeticWiper turns it against the PC to corrupt any data within its grasp and then reboots the PC. But it doesn’t stop there. HermeticWiper is also keen to attack any data recover software on the machine and also interferes with the hard drive’s rebooting system.
How Do You Stop Wiper Malware?
The government of Ukraine has a significant reach and has appealed to its native hackers to assist in protecting the country’s IT infrastructures. Unfortunately, almost all organizations will struggle to raise this level of support. But there’s still plenty you can do:
- Backup Carefully: it’s unlikely that you will be able to retrieve the original copies of your data, but if you backup correctly you shouldn’t have any problems. Malware, of course, can spread through networks like wildfire, so it’s important that you keep copies of your backups on isolated networks. And, don’t forget, multiple backups on different storage mediums is key to retaining your data.
- Be Email Aware: email is one of the most common methods for distributing malware and it’s surprisingly easy to fall victim to these attacks. All it takes is a momentary lapse in concentration, such as not checking a link correctly, for malware to take hold of your PC. Therefore, always hover your mouse cursor over links to identify their true destination and, to be completely sure, ask an IT professional to verify the link before doing anything.
- Act Quickly If Infected: as soon as a wiper-malware is attacked, it’s critical that you begin segmenting your networking to minimize the malware’s spread. While this will not protect all your data, it will allow you to save large chunks of your data. Accordingly, it’s important you ensure your networks are constantly monitored for unusual activity to help you launch a contingency effort such as this.
For more ways to secure and optimize your business technology, contact your local IT professionals.
