www.recordedfuture.com
104.18.12.124  Public Scan

Submitted URL: https://www.recordedfuture.com/hermeticwiper-partyticket-targeting-computers-ukraine/'
Effective URL: https://www.recordedfuture.com/hermeticwiper-partyticket-targeting-computers-ukraine/
Submission: On April 26 via api from CA — Scanned from CA

Form analysis 2 forms found in the DOM

/

<form class="mega-search expand-to-left mega-search-closed" role="search" action="/">
  <span class="dashicons dashicons-search search-icon"></span>
  <input type="submit" value="Search">
  <input type="text" aria-label="Search..." data-placeholder="Search..." name="s" placeholder="">
</form>

GET https://www.recordedfuture.com/

<form role="search" method="get" action="https://www.recordedfuture.com/">
  <label>
    <span class="screen-reader-text">Search for:</span>
    <input type="hidden" name="blog" value="1">
    <input type="search" class="search-field" placeholder="Search …" value="" name="s">
    <input type="submit" class="search-submit" value="Search">
  </label>
</form>

Text Content


HERMETICWIPER AND PARTYTICKET TARGETING COMPUTERS IN UKRAINE

March 2, 2022 • Insikt Group

Russia



Editor’s Note: The following post is an excerpt of a full report. To read the
entire analysis, click here to download the report as a PDF.

This report is a technical overview of the HermeticWiper and PartyTicket malware
reported by ESET and Symantec on February 23, 2022. The malware was primarily
delivered to Ukrainian organizations coincident with the Russian invasion of
Ukraine. It is intended for those looking for a high-level overview of the
malware’s TTPs and mitigations. 


EXECUTIVE SUMMARY

Insikt Group analyzed the HermeticWiper malware and the associated ransomware
component named PartyTicket that were first publicly reported targeting
Ukrainian organizations on February 23, 2022. We determined that both components
serve the purpose of data destruction, with the “ransomware” component differing
significantly in form and function from known criminal ransomware threats.


KEY JUDGMENTS

 * The use of a wiper malware with an associated destructive ransomware
   component is similar in method to WhisperGate, NotPetya, and other operations
   credited to Sandworm.
 * There is insufficient evidence at this time to attribute HermeticWiper to the
   Russian state, but the timing of the mass deployment of HermeticWiper with
   kinetic attacks and other cyberattacks on Ukraine, and a methodology similar
   to past attacks by Russian government-associated actors, lends credence to
   such an attribution.
 * The PartyTicket ransomware attacks are unlikely to be a true ransomware
   campaign conducted for financial gain. It is more likely that the ransomware
   component is a ruse and the real purpose of the attacks is disruption and
   data destruction.

Copyright © 2022 Recorded Future, Inc.
