Increasing Cases of Wiperware Infection

Microsoft® Windows OS Systems Networks
Advisory ID:
January 19, 2023


There is a heightened risk of infection with wiper malware (or wiperware), which often masquerades as ransomware but is arguably more lethal because it erases or corrupts data permanently, providing no means of recovering the affected data. The increased prevalence of wiperware is likely due to its use in the ongoing war in Eastern Europe; however, there have been noteworthy incidents of its use going back a decade. Threat actors who deploy wiperware do so without expectation of financial gain, which is probably why it has taken a backseat to its cousin, ransomware, over the years.

Description & Consequence

Wiperware is a Trojan similar to ransomware, so its mode of delivery is typically via established social engineering or phishing techniques. Once a system is infected, there may even be a ransom note in a README.txt file. The aim is to fool the victim into thinking it is ransomware and paying the ransom. Nevertheless, any file affected by wiperware can never be recovered.

In other instances, the aim is to bring down critical infrastructure, so there is no pretence of being ransomware. Once persistence is achieved, the malware will infect critical files one by one in order to inhibit particular infrastructure from functioning as intended.

This particular type of malware targets databases and user files by either erasing or corrupting them to an irretrievable state.


To prevent or minimize the damage that can be caused by wiperware, the following steps can be taken:

  1. Provide cybersecurity awareness and education to the organization's staff, especially on how to detect phishing emails.
  2. Make comprehensive use of anti-malware and endpoint detection and response (EDR) solutions.
  3. Integrate a security information and event management (SIEM) platform to monitor system and network behavior.
  4. Always keep operating systems and software up-to-date.
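
One way the monitoring in step 3 could flag the behavior described above (files erased or overwritten one after another, sometimes alongside a README.txt note), as an added example that is not part of the original advisory. The pipe-delimited event format, process names, threshold, time window and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-activity events (hypothetical schema):
# timestamp|host|process|action|path
SAMPLE_EVENTS = r"""
2023-01-19T09:00:00|ws01|winword.exe|OVERWRITE|C:\Users\a\notes.docx
2023-01-19T09:05:00|ws01|winword.exe|OVERWRITE|C:\Users\a\notes.docx
2023-01-19T10:00:00|ws01|svc_update.exe|OVERWRITE|C:\Data\db1.mdf
2023-01-19T10:00:01|ws01|svc_update.exe|OVERWRITE|C:\Data\db2.mdf
2023-01-19T10:00:02|ws01|svc_update.exe|DELETE|C:\Users\a\notes.docx
2023-01-19T10:00:03|ws01|svc_update.exe|OVERWRITE|C:\Users\a\plan.xlsx
2023-01-19T10:00:04|ws01|svc_update.exe|DELETE|C:\Users\a\photo.jpg
2023-01-19T10:00:05|ws01|svc_update.exe|CREATE|C:\Users\a\README.txt
2023-01-19T10:00:06|ws01|svc_update.exe|OVERWRITE|C:\Data\db3.mdf
""".splitlines()

DESTRUCTIVE = {"OVERWRITE", "DELETE"}

def detect_mass_destruction(lines, threshold=5, window=timedelta(seconds=10)):
    """Alert on any (host, process) whose destructive file events reach
    `threshold` inside a sliding `window`; note a dropped README.txt."""
    recent = defaultdict(deque)   # (host, process) -> timestamps still in window
    peak = defaultdict(int)       # (host, process) -> largest burst observed
    note_dropped = set()          # (host, process) pairs that created README.txt
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, proc, action, path = line.split("|", 4)
        key = (host, proc)
        if action == "CREATE" and path.lower().endswith("\\readme.txt"):
            note_dropped.add(key)
        if action not in DESTRUCTIVE:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[key]
        q.append(now)
        while now - q[0] > window:   # drop events older than the window
            q.popleft()
        peak[key] = max(peak[key], len(q))
    return [
        {"host": h, "process": p, "events": n, "ransom_note": (h, p) in note_dropped}
        for (h, p), n in sorted(peak.items()) if n >= threshold
    ]

if __name__ == "__main__":
    for alert in detect_mass_destruction(SAMPLE_EVENTS):
        print(alert)
```

The threshold and window need tuning per environment, since backup, sync and build tools legitimately touch many files in bursts.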


