A breach to your clients means a negative impact to your business in terms of productivity and profitability. You spend time and resources to help your customers recover, and even more of both to keep clients on your service post-breach. Stopping malware before they occur will keep your clients and your business secure.
HermeticWiper, a new malware first seen by ESET and Symantec, has been observed infecting organizations in Ukraine, Latvia, and Lithuania. Leveraging a digital signature from “Hermetica Digital,” and using real recovery drivers (from EaseUS), the attack relies on transitive trust in order to perform its malicious behavior. While some organizations have noted that ransomware has been seen deployed alongside, potentially as cover, this threat appears to be solely focused on destruction of data.
The wiper, seen being implanted via Active Directory, places the appropriate drivers on the victim machine as a Windows service. After establishing a foothold, the system’s Master Boot Record is destroyed and the machine is rebooted, preventing the device from initializing.
Here are deeper details from BlackBerry:
Video linkTo learn more about preventing the latest malware, please visit https://blogs.blackberry.com/en. To discuss partnering with BlackBerry and to leverage the Cylance® portfolio to secure your clients and your business, please reach out to BlackBerry @ https://www.blackberry.com/us/en/partners/become-mssp.
Guest blog courtesy of BlackBerry Cylance. Read more BlackBerry Cylance blogs here. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.
