Avast HermeticWiper Ransomware Decryptor

A large number of organizations in Ukraine have been hit by cyberattacks originating from Russia that involved new data-wiping malware dubbed HermeticWiper (aka FoxBlade and Win32/KillDisk.NCV) and impacted hundreds of computers on their networks, ESET Research found on February 23rd, 2022.
HermeticWiper is designed to delete data and thus render devices using the Windows Operating System (OS) inoperable. Attacks of this type can be incredibly devastating. They can cause permanent loss of crucial data and disrupt essential services.

As of February 28, 2022, Microsoft Defender Antivirus detects and removes this threat.

On February 24, 2022, the Avast Threat Labs discovered a new ransomware strain accompanying the HermeticWiper malware.

Following this naming convention, they opted to name the strain they found piggybacking on the wiper HermeticRansom, whereas others called that ransomware component PartyTicket. According to analysis done by CrowdStrike's Intelligence Team, the ransomware contains a weakness in its cryptographic scheme, so affected files can be decrypted for free.

If your device has been infected with HermeticRansom and you want to decrypt your files, please follow these steps:
[1] Download the free Avast decryptor here
[2] Simply run the executable file. It starts in the form of a wizard, which leads you through the configuration of the decryption process
[3] Click 'Next'
[4] Then, from the list of locations, select the ones you want to be searched and decrypted
[5] On the final wizard page, you can choose whether to back up the encrypted files. These backups may help if anything goes wrong during the decryption process. This option is turned on by default
[6] After clicking 'Decrypt', the decryption process begins. Let the decryptor work and wait until it finishes.

The latest release of Avast HermeticWiper Ransomware Decryptor is version 1.0.0.697 [December 14, 2023].

Microsoft's 'Cyber threat activity in Ukraine: analysis and resources' [Last updated April 27, 2022]. See here.
