The Austrian IT security test laboratory AV-Comparatives has tested protection against the recently discovered malware HermeticWiper. The data-wiping malware has been used in international targeted attacks, such as in Ukraine. The goal of these attacks is not to steal money or data, but simply to render victims' computers unusable.
HermeticWiper abuses the services of a legitimate company that produces hard drive partitioning software. This type of utility can create, modify and delete the data storage areas (partitions) on a computer's system disk. HermeticWiper misuses this utility, without authorization, to corrupt the boot information of the system disk, making the computer unbootable. The malware then overwrites the partitions on the hard drive, making the data on it unreadable even if the hard drive is transferred to an uninfected computer. To avoid detection, HermeticWiper also uses a digital code-signing certificate (an indicator of genuine, non-malicious software), which appears to have been stolen.
19 enterprise products and 17 end user packages tested
AV-Comparatives tested programs from vendors in the Main Test Series for consumers and companies for protection against variants of HermeticWiper.
Enterprise endpoint security manufacturers
Acronis, Avast, Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, ESET, Fortinet, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard.
Consumer antivirus manufacturers
Avast, AVG, Avira, Bitdefender, ESET, G Data, K7, Kaspersky, Malwarebytes, McAfee, Microsoft, NortonLifeLock, Panda, Total Defense, TotalAV, Trend Micro and VIPRE.
The HermeticWiper threats were tested using the Real-World Protection Test Framework developed by AV-Comparatives. All tested products were able to effectively protect the system against multiple variants of the HermeticWiper malware.
More at AV-Comparatives.org
About AV-Comparatives
AV-Comparatives is an independent AV test laboratory based in Innsbruck, Austria, and has been publicly testing computer security software since 2004. It is certified according to ISO 9001:2015 for the area of "Independent tests of anti-virus software". It also has EICAR certification as a "Trusted IT Security Testing Lab".