Under attack?
Close

Get in Touch

Contact us to learn more about our elite cybersecurity services and industry-leading technologies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Close
Breachquest

Emergency Incident Assistance

Is your network under attack? Get in touch with a
BreachQuest Specialist right away with this form.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811
Contact for non-emergency Contact for non-emergency

Hermetic Wiper

A wiper malware that was first seen Q12022. It damages the master boot record making the device unable to boot the operating system. Then the HermeticWiper continues to wipe all the partitions, not just the primary. The malware also enumerates common folders (‘My Documents,’ ‘Desktop,’ ‘AppData’), references the registry (‘ntuser’), and Windows Event Logs. It also modifies several registry keys, including setting the SYSTEM\CurrentControlSet\Control\CrashControl CrashDumpEnabled key to 0, effectively disabling crash dumps before the abused driver’s execution starts. It then waits on sleeping threads before initiating a system shutdown to launch its destructive process. This was first seen in the cyber attacks by Russia on Ukraine

Go Back Go to Glossary index
Share this article:

Sign up for our newsletter to get more industry news and insights.

Related Resources

Malware can be Tricky: HermeticWiper Hidden in Plain Sight

Learn more

HermeticWiper - New Destructive Malware used in Cyber Attacks on Ukraine

Learn more