
🎯 Basically, new malware called Lotus wipes data from computers at Venezuelan energy companies.
What Happened
A new data-wiping malware known as Lotus has emerged, specifically targeting energy and utility organizations in Venezuela. This malware was first observed in mid-December 2025, coinciding with increasing geopolitical tensions in the region. The malware was uploaded from a machine in Venezuela and has since been analyzed by Kaspersky.
How It Works
The Lotus wiper operates through a series of batch scripts that prepare the system for the final payload. Initially, it disables critical Windows services and alters system configurations to facilitate the attack. The malware then systematically destroys data by overwriting physical drives, making recovery nearly impossible. Kaspersky's analysis reveals that the wiper:
- Disables Windows restore points.
- Overwrites physical drives with zeros.
- Deletes files and clears system activity logs.
Who's Being Targeted
The primary victims of this attack are Venezuelan energy firms, particularly the state-owned oil company Petróleos de Venezuela (PDVSA). Although PDVSA has not confirmed that its systems were wiped, it did experience a cyberattack that disrupted its delivery systems, which it attributed to external threats.
Signs of Infection
Organizations should be vigilant for signs of the Lotus wiper's precursor activities, including:
- NETLOGON shares
- UI0Detect
- Mass account changes
- diskpart
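One way to turn these four signs into a triage check over Windows Security events, as an added example that is not from the original article or from Kaspersky's analysis. The normalized event fields, host and account names, thresholds, and the rule that any command line mentioning UI0Detect counts as a hit are assumptions; the article names the signs but not how the malware touches them.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Security event IDs: 4688 process creation, 5145 network share access check,
# 4723/4724 password change/reset, 4725 disabled, 4726 deleted, 4738 changed.
ACCOUNT_EVENTS = {4723, 4724, 4725, 4726, 4738}
MASS_THRESHOLD, MASS_WINDOW = 5, timedelta(minutes=10)  # assumed tuning values

def find_precursors(events):
    """Return sorted (host, sign) pairs for the four signs the article lists."""
    hits, recent = set(), defaultdict(list)
    for e in sorted(events, key=lambda ev_: ev_["time"]):
        host, eid = e["host"], e["event_id"]
        if eid == 4688:
            if e.get("image", "").lower().endswith("\\diskpart.exe"):
                hits.add((host, "diskpart"))
            if "ui0detect" in e.get("command_line", "").lower():
                hits.add((host, "UI0Detect"))
        elif eid == 5145 and e["write"] and e["share"].upper().endswith("\\NETLOGON"):
            hits.add((host, "NETLOGON write"))
        elif eid in ACCOUNT_EVENTS:
            times = recent[(host, e["actor"])]
            times.append(e["time"])
            while e["time"] - times[0] > MASS_WINDOW:  # slide the window forward
                times.pop(0)
            if len(times) >= MASS_THRESHOLD:
                hits.add((host, "mass account changes"))
    return sorted(hits)

def hosts_to_escalate(events, min_signs=2):
    """Hosts with several distinct signs; a single sign is often routine admin work."""
    per_host = defaultdict(set)
    for host, sign in find_precursors(events):
        per_host[host].add(sign)
    return sorted(h for h, signs in per_host.items() if len(signs) >= min_signs)

# Constructed sample events; the normalized field names are hypothetical.
def ev(minute, host, eid, **fields):
    when = datetime(2025, 12, 15, 9) + timedelta(minutes=minute)
    return {"time": when, "host": host, "event_id": eid, **fields}

SAMPLE = (
    [ev(i, "DC01", 4724, actor="ops-admin") for i in range(6)]        # burst of resets
    + [ev(30 * i, "FS02", 4738, actor="helpdesk") for i in range(6)]  # slow, routine edits
    + [ev(7, "DC01", 5145, share=r"\\*\NETLOGON", write=True),
       ev(8, "FS02", 5145, share=r"\\*\NETLOGON", write=False),
       ev(20, "WS07", 4688, image=r"C:\Windows\System32\sc.exe", command_line="sc query UI0Detect"),
       ev(21, "WS07", 4688, image=r"C:\Windows\System32\diskpart.exe"),
       ev(40, "WS09", 4688, image=r"C:\Windows\System32\diskpart.exe")]
)
```

On the constructed sample, DC01 and WS07 each show two distinct signs and are escalated, while WS09 (diskpart alone) and FS02 (slow account edits, read-only NETLOGON access) are not.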
How to Protect Yourself
To safeguard against data-wiping malware like Lotus, organizations should:
- Maintain regular offline backups and validate their restorability.
- Monitor for the aforementioned signs of infection.
This incident highlights the increasing risk of targeted cyberattacks against critical infrastructure, underscoring the need for enhanced cybersecurity measures in vulnerable sectors.
🔒 Pro insight: The Lotus wiper's sophisticated approach to data destruction emphasizes the need for proactive monitoring and robust incident response strategies in critical sectors.




