This website uses cookies to ensure you get the best experience on our website.
Please note that by continuing to use this site you consent to the terms of our Privacy and Data Protection Policy .
Some of our partner services are located in the United States. According to the case law of the European Court of Justice, there is currently no adequate data protection in the USA. There is a risk that your data will be controlled and monitored by US authorities. You cannot bring any effective legal remedies against this.
Accept

AV-Comparatives tests Anti-Virus Software protection against the Hermetic Wiper malware

Austrian IT-security testing lab AV-Comparatives has tested protection against the recently-emerged Hermetic Wiper malware.  

The data-wiping malware has been used in international targeted attacks. Its aim is not to steal money or data, but simply to make victims’ computers unusable. To do this, it abuses the services of a legitimate company that makes disk partitioning software. This type of utility can create, modify and delete the data storage areas (partitions) of a computer’s system disk. Hermetic Wiper makes (unauthorised) use of this useful utility program to corrupt the system disk’s boot information, meaning that the computer cannot start up. The malware then overwrites the partitions on the disk, making the data on them unreadable, even if the disk is transferred to an uninfected computer.  

In an attempt to avoid detection, Hermetic Wiper also makes use of a digital code-signing certificate (an indicator of genuine, non-malicious software), which was apparently stolen.

There have now been several waves of similar malware with a focus on destroying data. The most recent, dubbed CaddyWiper, has been observed targeting organisations with links to Ukraine, and overwrites files with a NULL value to render them unusable.

AV-Comparatives has run a malware protection test of Enterprise Endpoint Security and Consumer Anti-Virus Vendors for protection against variants of Hermetic Wiper, including the latest CaddyWiper malware. These are:

Enterprise Endpoint Security Vendors 

Acronis, Avast, Bitdefender, Check Point, Cisco, CrowdStrike, Cybereason, Elastic, ESET, Fortinet, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard. 

Consumer Anti-Virus Vendors 

Avast, AVG, Avira, Bitdefender, ESET, G Data, K7, Kaspersky, Malwarebytes, McAfee, Microsoft, NortonLifeLock, Panda, Total Defense, TotalAV, Trend Micro and VIPRE. 

The Hermetic Wiper malware threats have been tested using the Real-World Protection Test framework developed by AV-Comparatives. 

All of the tested products were able to protect the system effectively against multiple variants of the Hermetic Wiper malware. 

General Advise

In any conflicts, not only the current ones, an increase of cyberthreats is possible for authorities, institutions and organizations. In addition, an increased threat situation can be expected for all companies and organizations that are located in geographical exposed regions or have a recognizable relationship with them (e.g. trading partners, etc.). Furthermore, disinformation campaigns might be used. It must be taken into account that cyber operations are can be carried out in the phase of preparation of possible escalation stages, such as armed conflicts.  

The implementation of the internationally available recommendations is strongly recommended.  

Using strong Cybersecurity software and a list of proven measures to strengthen cyber resilience has been published by AV-Comparatives, ENISA and CERT-EU.

Updated on 1st April 2022.