Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Medium
Trojan.Killdisk is a new disk-wiping malware recently discovered by security researchers. The wiper attacks are targeted towards Ukraine in support of the Russian invasion, and these signatures can also be seen in attacks in Lithuania. Targeted sectors are aviation, defense, IT services, and the financial sector.
HermeticWiper (Trojan.Killdisk) is interestingly digitally signed by a certificate issued to Hermetica Digital Ltd (the origin of the name).
It contains 32-bit and 64-bit driver files which are compressed by the Lempel-Ziv algorithm stored in their resource section. The driver files are signed by a certificate issued to EaseUS Partition Master. The malware will drop the corresponding file according to the operating system (OS) version of the infected system. Driver file names are generated using the Process ID of the wiper. – Security Researchers
Upon execution, HermeticWiper will damage the MBR (Master Boot Record) of the victim’s system, which will render it inoperable. Organizations compromised using this wiper date back to November of 2021. A Microsoft SQL Server vulnerability was also used to attack organizations in Ukraine and along with the wiper, ransomware was also deployed against affected organizations.
“If your device has been infected with HermeticRansom and you’d like to decrypt your files, click here to skip to the How to use the Avast decryptor to recover files.”