Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Fighting the continued rise of wiper malware

By Douglas Jose Pereira dos Santos
malware-freepik1170.jpg

Image by suttipunfpik via Freepik

October 20, 2022

Wiper malware deployments are rising in 2022, a trend that reveals a disturbing evolution of more destructive and sophisticated attacks. The term “wiper” refers to the malware’s most fundamental operation, which is to wipe (erase) the victim’s computer’s data (disk data, operating system, or even firmware) . Wiper malware is more broadly referred to as malicious software that seeks to delete data.


These are heavy-hitting attacks in terms of the damage they can cause, which is why staying on top of such developments is vital. With the right know-how and the right tools, security teams can ensure they’re bolstered for this battle. 


Wiper malware on the rise, fueled by the Russian-Ukraine war


Threat actors have used disk-wiping malware to target vital infrastructure much more frequently as a result of the war in Ukraine. In the first half of 2022, FortiGuard Labs identified at least seven significant new wiper variants that were being deployed in several campaigns against governmental, military and commercial institutions. The fact that this figure is so close to the total number of wiper variants that have been discovered since 2012 makes it relevant — and worrisome.


Many in the security community believe organizations supporting Russian military objectives were behind many of the wiper assaults in Ukraine during the first half of 2022, though they haven’t always been able to validate this with certainty. CaddyWiper is one example, a variation that was used shortly after the war started to erase data and partition information from drives on systems belonging to a small number of Ukrainian organizations.


Additional wiper iterations include IsaacWiper, a malware tool for overwriting data in disk drives and attached storage to render them unusable; WhisperGate, a wiper that Microsoft found was being used in attacks against Ukrainian entities in January 2022; and HermeticWiper, a tool for inducing boot failures that SentinelLabs discovered being used in similar attacks. WhisperKill, DoubleZero and AcidRain were the other three wipers that we saw in the first half of 2022 aimed at Ukrainian businesses and infrastructure.


The implications of wiper malware


It was surprising to see the number of such attacks that also spread to other nations, as has happened in the past when there has been violence in the region. Since the conflict started in February 2022, we have found more wiper malware abroad than within Ukraine. During the first half of this year, wiper activity was discovered in 24 nations besides Ukraine.


AcidRain is one such instance — a wiper that was intended to target a Ukrainian satellite broadband service provider but also wound up being used in an attack that took about 6,000 wind turbines in Germany offline. Attacks like these show the ability to cross boundaries, whether they be geographical or IT/OT-related.


The unexpected surge in wiper malware is problematic for IT security teams. Although there haven’t been many detections so far, the malware’s characteristics and how threat actors deploy it makes this category especially dangerous, so security teams must be on the lookout for it.


Four best practices to combat the threat 


Organizations can and should employ a number of best practices to lessen the effects of wiper malware:


·        Segmentation: Effective network segmentation is helpful in several ways. For instance, it can restrict an attack’s effects to a certain area of the network. Additionally, firewalls can identify communications to known command and control servers, the movement of harmful files throughout the network, and the spread of malware when used in conjunction with anti-virus and intrusion prevention systems.

·        Backup: Having backups available is the best defense against ransomware and wiper viruses. Malware frequently actively hunts for backups on the system or on the network (for example, Windows Shadow Copy) so it can wipe them. To withstand sophisticated attacks, backups must be kept offline and off-site. While discussing backups, it is necessary to note that their existence is crucial, but so is a thorough recovery process. Additionally, to reduce downtime, the IT team must periodically practice recovery from backup. 

·        NDR: To minimize the impact of wiper attacks, network detection and response (NDR) with self-learning artificial intelligence (AI) is helpful to better detect intrusions.

·        Incident Response and Pen Testing Drills: The effectiveness of the incident response, both in terms of speed and quality, can have a significant impact on how the attack turns out. How the incident response team handles and reacts to the attack could make the difference between successfully preventing data loss and total data erasure in case penetration is discovered before wiper malware is deployed. One should conduct regular exercises to understand the capabilities of responding to these incidents. How quickly can teams recover? Are there any pain points? 

·        Disaster recovery plan: How well is the organization prepared for what happens after a wiper is deployed in the network? What procedures have been established for business continuity without IT? How will the organization restore data from backups and tell customers and the public about the incident? All of these tactics need to be determined before an attack. A disaster recovery plan, which will be useful under the tremendous pressure of an active compromise, should specify all of this and more.


Fighting crime without borders


We saw a surge of wipers being deployed in the first half of 2022 in parallel with the Russia-Ukraine war. But those wipers aren’t staying in one place. They’re proliferating around the world because there are truly no borders when it comes to cybercriminal activity. That means you need to stay updated with ongoing threat intelligence and follow best practices such as those outlined above. These will help prevent the disaster of a wiped hard drive.

KEYWORDS: cyber security information security malware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Douglas santos

Douglas Jose Pereira dos Santos is the advanced threat intelligence lead for Fortinet’s FortiGuard Labs. With close to two decades working with networking and security technology daily, with a significant portion of time spent designing, implementing and troubleshooting security and networking technologies, Douglas has considerable experience on the front lines of cybersecurity. Currently, he works as a security strategist for Fortinet’s FortiGuard Labs using his experience and skills to understand how the threat landscape is shifting and what it means for customers and partners of Fortinet. 

 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cell phone on gray wooden desk

    Not so innocent: Malware-laden memes on the rise

    See More
  • computer open to chatgpt screen

    Fighting the dark side of generative AI

    See More
  • vertical green text on black screen

    The rise of AI in SASE applications will fend off cyber threats

    See More

Related Products

See More Products
  • highriseproductphoto

    High-Rise Security and Fire Life Safety, 3rd edition

  • databasehacker

    The Database Hacker's Handboo

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!