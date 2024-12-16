Many headline-making cybersecurity news stories evolve around phishing attacks and ransomware attacks. But wiper malware, a newer threat vector, might be far worse than phishing and ransomware combined.

What is wiper malware?

As the name suggests, wiper malware erases a victim's systems. Also called wiperware, it is a malicious payload designed to cause total destruction to all of the data and programs in an organization's infrastructure. Wiperware is often used in cyberwarfare and in attacks against government agencies, critical infrastructure and mission-critical business processes.

Unlike ransomware and phishing, which have some possibility for data recovery after an attack, wiperware causes total loss and destruction. Wiperware can be compared to a Category 5 hurricane, while phishing and ransomware can be compared to tornadoes. Because of its wrath and level of severity, wiper malware could drive a company out of business, in that its purpose is to destroy data.

Wiper malware dates to 2012, when Kaspersky researchers published information about Wiper malware used against Iranian computer systems and Shamoon wiperware used against a Saudi oil and gas company.

At the time, wiperware wasn't used widely because it eliminates the profit motive for cyberattackers. The first major wiperware uptick was noticed by several incident response companies in 2022, after Russia invaded Ukraine.

In the years since, wiperware has been used in many high-profile breaches and cyberwarfare attacks. Well-known variants include NotPetya, Industroyer, HermeticWiper, HermeticWizard and HermeticRansom.