HermeticWiper and PartyTicket Targeting Computers in Ukraine

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

This report is a technical overview of the HermeticWiper and PartyTicket malware reported by ESET and Symantec on February 23, 2022. The malware was primarily delivered to Ukrainian organizations coincident with the Russian invasion of Ukraine. The report is intended for those looking for a high-level overview of the malware’s TTPs and mitigations.

Executive Summary

Insikt Group analyzed the HermeticWiper malware and the associated ransomware component named PartyTicket that were first publicly reported targeting Ukrainian organizations on February 23, 2022. We determined that both components serve the purpose of data destruction, with the “ransomware” component differing significantly in form and function from known criminal ransomware threats.

Key Judgments
