Wiper Malware
Malicious software designed solely to permanently destroy data or damage victim systems - with no possibility of data recovery.
What is Wiper Malware?
Wiper malware is a category of malicious software whose sole purpose is to permanently destroy data on infected systems. Unlike ransomware, which encrypts data and offers recovery in exchange for a ransom, a wiper leaves no possibility of restoring information - data is overwritten, partition tables are destroyed and MBR/GPT records are wiped.
The history of wipers is closely tied to state operations and geopolitical conflicts. Shamoon (2012) destroyed data on 35,000 workstations at Saudi Aramco. NotPetya (2017), though it appeared to be ransomware, was actually a wiper - data was destroyed irreversibly. WhisperGate and HermeticWiper (2022) were used against Ukrainian organisations on the eve of the Russian invasion. AcidRain (2022) struck Viasat satellite modems, disrupting communications.
Data destruction techniques used by wipers include overwriting files with random data, destroying partition tables, overwriting MBR/GPT, manipulating disk drivers (e.g. EldoS RawDisk) and deleting Volume Shadow Copy backups.
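A triage check for the MBR/GPT overwriting described above, as an added example that is not part of the original page: it inspects the first two sectors of a raw disk image and reports a missing boot signature, an empty partition table, or a GPT header whose signature or CRC32 no longer validates. The function names and the sample image are constructed for illustration, and 512-byte sectors are assumed.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors

def check_mbr(s0: bytes) -> list:
    """Findings for LBA 0; an empty list means the MBR looks intact."""
    if len(s0) < SECTOR:
        return ["MBR sector incomplete"]
    out = []
    if s0[510:512] != b"\x55\xaa":
        out.append("MBR boot signature 0x55AA missing")
    if s0[446:510] == bytes(64):
        out.append("MBR partition table empty")
    return out

def check_gpt(s1: bytes) -> list:
    """Findings for the primary GPT header at LBA 1 (signature, header CRC32)."""
    if len(s1) < SECTOR or s1[:8] != b"EFI PART":
        return ["GPT header signature missing"]
    size, stored = struct.unpack_from("<II", s1, 12)
    if not 92 <= size <= SECTOR:
        return ["GPT header size implausible"]
    hdr = bytearray(s1[:size])
    hdr[16:20] = bytes(4)  # the CRC field is zeroed while the CRC is computed
    return [] if zlib.crc32(bytes(hdr)) == stored else ["GPT header CRC32 mismatch"]

def triage(image: bytes) -> list:
    """Check the first two sectors of a raw disk image."""
    mbr = image[:SECTOR]
    findings = check_mbr(mbr)
    protective = any(mbr[450 + 16 * i:451 + 16 * i] == b"\xee" for i in range(4))
    # Expect a GPT when the MBR is protective (type 0xEE) or is itself damaged.
    if findings or protective:
        findings += check_gpt(image[SECTOR:2 * SECTOR])
    return findings

def make_sample_image() -> bytes:
    """Constructed sample: protective MBR plus a minimal valid GPT header."""
    mbr, gpt = bytearray(SECTOR), bytearray(SECTOR)
    mbr[450] = 0xEE  # partition type byte of the first entry
    mbr[510:512] = b"\x55\xaa"
    gpt[0:8] = b"EFI PART"
    struct.pack_into("<II", gpt, 8, 0x00010000, 92)  # revision, header size
    struct.pack_into("<I", gpt, 16, zlib.crc32(bytes(gpt[:92])))
    return bytes(mbr + gpt)

if __name__ == "__main__":
    print(triage(make_sample_image()), triage(bytes(2 * SECTOR)))
```

A legacy MBR-only disk has no GPT by design, so the GPT check runs only when the MBR is protective or already shows damage.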
Why does it matter?
Wipers represent one of the most destructive threats - their purpose is purely destruction, not financial gain. They are particularly dangerous for critical infrastructure and OT environments, where loss of configuration data can lead to prolonged outages. Defence relies on network segmentation, offline backups (resistant to wipers that destroy network copies), behavioural detection (EDR) and contingency plans that account for total data loss scenarios.