MALWARE FAMILY

HermeticWiper

Internal ID: win.hermeticwiper
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

According to SentinelLabs, HermeticWiper is a custom-written application with very few standard functions. It abuses a signed driver called "empntdrv.sys", which is associated with the legitimate software "EaseUS Partition Master Software", to enumerate the MBR and all partitions of all physical drives connected to the victim's Windows device. It then overwrites the first 512 bytes of every MBR and partition it can find, rendering them useless.

This malware is associated with the malware attacks against Ukraine during Russia's invasion in February 2022.

Threat Analysis

HermeticWiper is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

win.hermeticwiper

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.