- Lotus Wiper, a new data-destroying malware, has been used in targeted attacks against Venezuela’s energy and utilities sector.
- The malware erases recovery tools, overwrites drives, and deletes files to render systems inoperable, with no apparent financial motive.
- Cyber experts from Kaspersky link the campaign to a period of increased attacks in the region, weeks before U.S. military action in January 2026.
- The attack uses sophisticated scripts to disable defenses, wipe drives, and exhaust storage before deploying the final wiper payload.
Cybersecurity researchers have exposed a previously unseen data wiper, named Lotus Wiper, which destructively targeted Venezuela’s critical energy infrastructure in late 2025 and early 2026. Discovered by Kaspersky, this aggressive campaign aimed to permanently cripple systems without any ransom demand, suggesting a purely disruptive intent. The Russian cybersecurity vendor detailed how two batch scripts coordinate the attack to weaken defenses and execute the novel wiper.
Once launched, the malware erases system recovery mechanisms and overwrites physical drive contents. It also systematically deletes files across all affected volumes, leaving targets completely inoperable. The wiper sample was uploaded from Venezuela in mid-December 2025 but had been compiled months earlier, in late September. According to Kaspersky, this activity occurred during a period of heightened malware reports targeting the same sector and region.
The attack chain begins with a script designed for older Windows systems, which attempts to stop a specific interactive service. It then checks for a network share, likely to determine whether the machine is part of a domain, and introduces random delays if the share is initially unreachable. A second script then takes over to prepare the environment for destruction.
This follow-up script disables cached logins, logs off users, and deactivates network interfaces. Furthermore, it uses commands like “diskpart clean all” to wipe logical drives and fills storage capacity to impair recovery. Finally, the Lotus Wiper payload is triggered to delete restore points and overwrite physical sectors with zeroes. Organizations are advised to monitor for unusual use of native Windows utilities and changes to key network shares.
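The monitoring advice above, sketched as an added example (not code from Kaspersky or from this article): it correlates process-creation command lines per host and alerts when several of the preparation behaviours described here occur within a short window. Only "clean all" comes from the article; the other patterns, the log format, the window and the threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Only "clean all" is quoted in the article. The other patterns are assumed
# mappings from the described behaviours to stock Windows utilities, not
# published Lotus Wiper indicators.
BEHAVIOURS = {
    "drive_wipe": re.compile(r"\bclean\s+all\b", re.I),
    "cached_logons": re.compile(r"\breg(\.exe)?\s+add\b.*CachedLogonsCount", re.I),
    "user_logoff": re.compile(r"\blogoff(\.exe)?\b", re.I),
    "nic_disable": re.compile(r"\bnetsh\b.*\binterface\b.*\bdisable", re.I),
    "storage_fill": re.compile(r"\bfsutil\b.*\bcreatenew\b", re.I),
}
WINDOW = timedelta(minutes=10)  # assumed correlation window
THRESHOLD = 3                   # distinct behaviours needed to alert

def parse(line):
    """Parse 'ISO-timestamp<TAB>host<TAB>command line' (constructed format)."""
    ts, host, cmd = line.split("\t", 2)
    return datetime.fromisoformat(ts), host, cmd

def correlate(lines):
    """Return {host: sorted behaviours} for hosts reaching THRESHOLD in WINDOW."""
    hits = {}  # host -> list of (time, behaviour)
    for ts, host, cmd in map(parse, lines):
        for name, rx in BEHAVIOURS.items():
            if rx.search(cmd):
                hits.setdefault(host, []).append((ts, name))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for start, _ in events:
            seen = {n for t, n in events if start <= t <= start + WINDOW}
            if len(seen) >= THRESHOLD:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed process-creation events; hosts and command lines are illustrative.
SAMPLE = [
    "2026-01-05T02:14:03\tHMI-07\treg add HKLM\\...\\Winlogon /v CachedLogonsCount ...",
    "2026-01-05T02:14:20\tHMI-07\tlogoff.exe 2",
    "2026-01-05T02:14:41\tHMI-07\tnetsh interface set interface Ethernet admin=disable",
    "2026-01-05T02:16:10\tHMI-07\tcmd.exe /c ... clean all | diskpart",
    "2026-01-05T09:30:00\tENG-WS-12\tnetsh interface set interface Wi-Fi admin=disable",
    "2026-01-05T14:00:00\tENG-WS-12\tlogoff",
    "2026-01-05T17:45:00\tENG-WS-12\tfsutil file createnew ... 1048576",
]
```

Run on the constructed events, `correlate(SAMPLE)` flags HMI-07, where four behaviours land within about two minutes, and ignores ENG-WS-12, where three routine-looking commands are spread across a working day.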
