
"The wiper removes recovery mechanisms, overwrites the content of physical drives, and systematically deletes files across affected volumes, ultimately leaving the system in an unrecoverable state."
"The lack of payment instructions or an extortion method, and the malware's upload during a period of increased malware activity targeting the energy and utility sector in Venezuela, suggest that Lotus Wiper is extremely targeted."
"Lotus Wiper's execution chain starts with a batch script that attempts to stop the legacy Windows service Interactive Services Detection (UI0Detect) to prevent visible warnings that a malicious activity occurs in the background."
Lotus Wiper is a new wiper malware used in attacks against the energy and utilities sector, particularly targeting an organization in Venezuela. The malware employs two batch scripts to weaken defenses and disrupt operations before executing the final payload. It removes recovery mechanisms, overwrites physical drives, and deletes files, rendering systems unrecoverable. The lack of extortion methods and its timing during increased malware activity suggest a highly targeted attack. Geopolitical tensions in the Caribbean region may be linked to these cyberattacks.
Read at SecurityWeek