How to avoid a wipeout

Issue 1 2023 IT infrastructure, Security Services & Risk Management

Byron Horn-Botha.

Wiper malware is an alarming threat to corporate data. Unlike ransomware, which can encrypt and disable your files until you pay a ransom, wiper malware aims to delete your data permanently and cause as much destruction as possible. Once it infects your system, it will make your data completely unrecoverable. This type of malware is hazardous because it offers no possibility of recovery by paying a ransom.

Wiper malware has grown more common in recent years, with several high-profile attacks making headlines. The destructive WannaCry attack in 2017, which affected hundreds of thousands of computers worldwide, is believed to have been a wiper attack. Other notable wiper attacks include Olympic Destroyer in 2018, which targeted the Winter Olympics in South Korea; and ZeroCleare in 2020, which targeted the energy and industrial sectors in the Middle East. Even the infamous Sony Pictures hack was a wiper attack.

Wiper malware is also a weapon of cyber warfare. As the conflict between Russia and Ukraine continues, Ukraine has seen a withering barrage of wiper attacks. Recently, researchers at Fortinet reported that criminals deployed wiper malware against other countries. In the first half of 2022, seven new wiper variants were used in campaigns against private, government, and military organisations. Indeed, there have been wiper malware attacks in twenty-four countries beyond Ukraine, with some of these attacks targeting critical infrastructure using disk-wiping malware.

One of the fundamental challenges in dealing with wiper threats is that they are very often difficult to detect and contain. Unlike other forms of malware, which usually come with signs of their presence, wipers erase all traces of themselves once they have completed their destructive work. It makes it difficult for IT security professionals to respond to these attacks and prevent them from spreading.

Organisations must implement robust, multi-layered security measures, including regular backups of critical data to defend against wiper threats. It is also essential to maintain a strong security posture and be alert to signs of a potential wiper attack. Here are three steps your company can take to minimise your risk of falling victim to these destructive attacks.

1: Backup your data

The importance of backing up your data cannot be overstated when defending against wiper malware. While backups cannot prevent an attack from occurring, they provide a lifeline for restoring compromised data caused by wiper malware, or any other type of attack.

By properly managing your backups, you can ensure you have copies of your data that are separate from your production systems. Should wiper malware, ransomware, or any other malware strike the active IT environment, your business can turn to its backups, stored on an immutable storage solution, for restoration. Not only is restoring from backups more cost-effective and faster than paying a ransom to recover data, but it is likely your only recourse in a wiper attack, because paying a ransom is usually not an option.

2: Follow the 3-2-1-1 rule

A 3-2-1-1 data-protection strategy is a best practice for defending against malware, including wiper attacks. This strategy entails maintaining three copies of your data, on two different media types, with one copy stored off-site. The final ‘1’ in the equation is immutable object storage.

By maintaining multiple copies of your data, you can ensure that you have a backup available in case one copy is lost or corrupted. It is imperative in the event of a wiper attack.

Storing your data on different media types also helps protect against wiper attacks. For example, you might keep one copy of your data on a hard drive, another at a cloud-based storage service, and the third on a removable drive or tape. This way, if one type of media is compromised, you still have access to your data through the other copies.

Keeping at least one copy of your data off-site, either in a physical location or in the cloud, provides an additional layer of protection. If a wiper attack destroys on-site copies of your data, you will still have access to your off-site backup.

The final advantage is immutable object storage. Immutable object storage involves continuously taking snapshots of your data every 90 seconds, ensuring that you can quickly recover it even during a wiper attack. This next-generation data-security tool helps to safeguard your information and protect it from loss or damage.

3: Air gap your networks

Air gapping is an efficient and effective method that protects backup data from wiper attacks. There are two types of air gapping: traditional physical and logical air gapping. Physical air gapping involves disconnecting a digital asset from all other devices and networks, creating a physical separation between a secure network and any other computer or network. You can store backup data on media such as tape or disk and then completely disconnect these media from your production IT environment.

Logical air gapping, on the other hand, relies on network and user-access controls to isolate backup data from the production IT environment. Data is pushed to its intended destination, such as an immutable storage or custom appliance, through a one-way street, and can only be managed or modified through separate authentication channels.

The beauty of air gapping is that it renders your data almost invisible to wiper malware attacks, making it nearly impossible for the bad guys to compromise your backups.

A solid, well-managed data backup and recovery plan is the key to ensuring data safety in the face of today’s growing array of threats.

For more information, contact Arcserve Southern Africa,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A smart start for South African cities
Integrated Solutions IT infrastructure
Cameras and sensors can kick off smart city strategies in cities around South Africa, leading to not only improved security and safety, but also better service delivery in areas like electricity and water provisioning.

Three new portable power stations to ease load shedding
News Security Services & Risk Management Products
EcoFlow has launched three portable power stations that provide sufficient power for consumers wherever they are; the DELTA 2 and RIVER 2 Series are feature-filled power solutions to the volatile electricity supply.

You cannot bribe a computer
Access Control & Identity Management Security Services & Risk Management
Corruption is a cancer that destroys the prospects and stability of countries and businesses. It widens wealth gaps and punishes the poor. It costs countries many billions in lost revenue.

How much protection does cyber insurance really give businesses?
Cyber Security Security Services & Risk Management
If organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox.

The smart foundation of the digital business
IT infrastructure
Autonomous networks take an advanced step beyond merely automating components: they use artificial intelligence (AI), machine learning to self-configure, self-manage, and self-heal, ideally becoming better all the time.

Off-grid power solution for residential estate
Editor's Choice Security Services & Risk Management Residential Estate (Industry) Products
Coral Beach Estate, an upmarket residential estate based in East London, has been struggling with load shedding and power outages due to South Africa's energy crisis, as well as the vandalism of its power infrastructure.

SafeCity Guarding rolls out across 14 suburbs in Johannesburg
News Security Services & Risk Management
In a major drive to provide communities across Johannesburg with additional safety, Vumacam, in partnership with Fidelity ADT and other security providers across the region, rolled out the innovative SafeCity Guarding initiative in 14 suburbs.

FleetDomain underpins Afrirent’s value proposition
Logistics (Industry) Security Services & Risk Management
Afrirent, a 100% female black-owned fleet management company, has been relying on FleetDomain software for a number of years to help it deliver outstanding service to a growing number of clients.

Converged infrastructure: Beyond the hype
IT infrastructure Products
Technical teams no longer have to sit and try to work through a magnum opus of manuals for every layer of computing, networking, and storage, largely thanks to the growing popularity and increasing success of converged infrastructure.

Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.