
Fighting the continued rise of wiper malware

By Douglas Jose Pereira dos Santos

October 20, 2022

Wiper malware deployments are rising in 2022, a trend that reveals a disturbing evolution of more destructive and sophisticated attacks. The term “wiper” refers to the malware’s most fundamental operation, which is to wipe (erase) data on the victim’s computer (disk data, operating system, or even firmware). More broadly, wiper malware refers to malicious software that seeks to delete data.


These are heavy-hitting attacks in terms of the damage they can cause, which is why staying on top of such developments is vital. With the right know-how and the right tools, security teams can ensure they’re bolstered for this battle. 


Wiper malware on the rise, fueled by the Russia-Ukraine war


Threat actors have used disk-wiping malware to target vital infrastructure much more frequently as a result of the war in Ukraine. In the first half of 2022, FortiGuard Labs identified at least seven significant new wiper variants that were being deployed in several campaigns against governmental, military and commercial institutions. The fact that this figure is so close to the total number of wiper variants that have been discovered since 2012 makes it relevant — and worrisome.


Many in the security community believe organizations supporting Russian military objectives were behind many of the wiper assaults in Ukraine during the first half of 2022, though they haven’t always been able to validate this with certainty. CaddyWiper is one example, a variant that was used shortly after the war started to erase data and partition information from drives on systems belonging to a small number of Ukrainian organizations.


Additional wiper iterations include IsaacWiper, a malware tool for overwriting data in disk drives and attached storage to render them unusable; WhisperGate, a wiper that Microsoft found was being used in attacks against Ukrainian entities in January 2022; and HermeticWiper, a tool for inducing boot failures that SentinelLabs discovered being used in similar attacks. WhisperKill, DoubleZero and AcidRain were the other three wipers that we saw in the first half of 2022 aimed at Ukrainian businesses and infrastructure.


The implications of wiper malware


It was surprising to see the number of such attacks that also spread to other nations, as has happened in the past when there has been violence in the region. Since the conflict started in February 2022, we have found more wiper malware abroad than within Ukraine. During the first half of this year, wiper activity was discovered in 24 nations besides Ukraine.


AcidRain is one such instance — a wiper that was intended to target a Ukrainian satellite broadband service provider but also wound up being used in an attack that took about 6,000 wind turbines in Germany offline. Attacks like these show the ability to cross boundaries, whether they be geographical or IT/OT-related.


The unexpected surge in wiper malware is problematic for IT security teams. Although there haven’t been many detections so far, the malware’s characteristics and how threat actors deploy it make this category especially dangerous, so security teams must be on the lookout for it.


Four best practices to combat the threat 


Organizations can and should employ a number of best practices to lessen the effects of wiper malware:


• Segmentation: Effective network segmentation helps in several ways. For instance, it can restrict an attack’s effects to a certain area of the network. Additionally, when used in conjunction with anti-virus and intrusion prevention systems, firewalls can identify communications to known command and control servers, the movement of harmful files throughout the network, and the spread of malware.

• Backup: Having backups available is the best defense against ransomware and wiper malware. Malware often actively hunts for backups on the system or on the network (for example, Windows Shadow Copy) so it can wipe them. To withstand sophisticated attacks, backups must be kept offline and off-site. The existence of backups is crucial, but so is a thorough recovery process. Additionally, to reduce downtime, the IT team must periodically practice recovery from backup.

• NDR: Network detection and response (NDR) with self-learning artificial intelligence (AI) helps to better detect intrusions and so minimize the impact of wiper attacks.

• Incident Response and Pen Testing Drills: The effectiveness of the incident response, both in terms of speed and quality, can have a significant impact on how the attack turns out. If the intrusion is discovered before wiper malware is deployed, how the incident response team handles and reacts to the attack could make the difference between successfully preventing data loss and total data erasure. Organizations should conduct regular exercises to understand their capabilities for responding to these incidents. How quickly can teams recover? Are there any pain points?

• Disaster recovery plan: How well is the organization prepared for what happens after a wiper is deployed in the network? What procedures have been established for business continuity without IT? How will the organization restore data from backups and tell customers and the public about the incident? All of these tactics need to be determined before an attack. A disaster recovery plan, which will be useful under the tremendous pressure of an active compromise, should specify all of this and more.


Fighting crime without borders


We saw a surge of wipers being deployed in the first half of 2022 in parallel with the Russia-Ukraine war. But those wipers aren’t staying in one place. They’re proliferating around the world because there are truly no borders when it comes to cybercriminal activity. That means you need to stay updated with ongoing threat intelligence and follow best practices such as those outlined above. These will help prevent the disaster of a wiped hard drive.


Douglas Jose Pereira dos Santos is the advanced threat intelligence lead for Fortinet’s FortiGuard Labs. With close to two decades working with networking and security technology daily, with a significant portion of time spent designing, implementing and troubleshooting security and networking technologies, Douglas has considerable experience on the front lines of cybersecurity. Currently, he works as a security strategist for Fortinet’s FortiGuard Labs using his experience and skills to understand how the threat landscape is shifting and what it means for customers and partners of Fortinet. 

 
