Wiper Malware

In cybersecurity, a Wiper is a class of malware whose primary objective is to permanently destroy or erase data from a victim’s system. Unlike most malware that seeks to steal data (Spyware) or hold it for ransom (Ransomware), Wipers are purely destructive. They often target critical system files, the Master Boot Record (MBR), or user databases to render the hardware unbootable or the data unrecoverable.

How a Wiper Works

Wipers use several aggressive techniques to ensure data is gone for good. They don’t just “delete” files (which can often be recovered); they overwrite the underlying storage.

  • File Overwriting: Replaces the content of files with random data or zeros. Advanced variants only overwrite the first few kilobytes of thousands of files to maximize speed while still corrupting the data beyond repair.
  • Master Boot Record (MBR) Corruption: Targets the tiny part of the hard drive that tells the computer how to load the operating system. If the MBR is wiped, the computer won’t start at all.
  • File System Destruction: Targets the “index” of the hard drive (like the NTFS Master File Table). Without this index, the computer doesn’t know where any files are located.
  • Encryption without a Key: Some wipers “pretend” to be ransomware by encrypting files. But they purposefully discard the decryption key so the data can never be unlocked.
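As an added example (not code from the original page), a small Python triage helper that applies two of the checks above from the defender's side: whether a file's leading bytes still match the signature expected for its type or have been zeroed or replaced with random-looking data (the partial-overwrite pattern), and whether a captured first disk sector still ends in the MBR boot signature. The file names, magic-byte table and sample contents are constructed for the example.

```python
import math
import os
from typing import Dict

# Expected leading bytes ("magic") for a few common file types (constructed, short list).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for zero-filled data, ~8 for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify_header(name: str, header: bytes) -> str:
    """Triage a file's leading bytes after a suspected partial-overwrite wiper."""
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected and header.startswith(expected):
        return "intact"           # signature still present
    if header and header.count(0) == len(header):
        return "zero-filled"      # header overwritten with zeros
    if shannon_entropy(header) > 7.5:
        return "high-entropy"     # header overwritten with random data
    return "unknown"              # no known magic, no clear overwrite pattern

def mbr_signature_ok(sector0: bytes) -> bool:
    """A sector-0 image of a bootable MBR disk is 512 bytes ending in 0x55 0xAA."""
    return len(sector0) == 512 and sector0[510:512] == b"\x55\xaa"

def triage(files: Dict[str, bytes]) -> Dict[str, str]:
    """Inspect only the first 4 KiB of each file, the region such wipers target."""
    return {name: classify_header(name, data[:4096]) for name, data in files.items()}

# Constructed sample "files" as a triage script would read them from disk.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n" + b"A" * 100,   # untouched
    "photo.png": b"\x00" * 4096 + b"leftover",    # first 4 KiB zeroed, tail intact
    "memo.docx": bytes(range(256)) * 16,          # uniform bytes standing in for random data
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```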

Why Do Hackers Use Wipers?

Since there is no money to be made from a wiper, the motivations are usually different:

  • Cyberwarfare: Nation-states use them to cripple an enemy’s infrastructure (e.g., power grids, banks).
  • Covering Tracks: After a hacker steals data (espionage), they may deploy a wiper to destroy the evidence of their intrusion and distract the security team with a massive “fire” to put out.
  • Sabotage: Political or ideological groups (hacktivists) use them to silence or damage an organization they dislike.

Famous Examples

  • Shamoon (2012): Attacked Saudi Aramco, wiping 30,000 computers and replacing data with an image of a burning U.S. flag.
  • NotPetya (2017): Disguised as ransomware, it hit thousands of companies globally (like Maersk and FedEx), causing billions in damage. It was designed to look like a ransom attempt but had no way to decrypt the files.
  • HermeticWiper (2022): Deployed against Ukrainian organizations just before the 2022 invasion to disable government and financial systems.
