A new data-wiping malware named Lotus has been used in targeted cyberattacks against Venezuelan energy and utility companies, designed to completely destroy compromised systems by overwriting drives and eliminating recovery options. The malware's deployment aligns with geopolitical tensions in the region, particularly following the capture of Venezuela's former president.
The Lotus data wiper highlights the need to monitor precursor activity such as changes to the NETLOGON share and unexpected use of built-in tools like 'diskpart', 'robocopy', and 'fsutil'. These indicators can give early warning of an impending data-wiping attack and buy time for incident response before drives are overwritten. Regular offline backups, with periodic tests that they actually restore, remain the essential defense against attacks of this kind.
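The monitoring recommendation above, turned into a small detection pass over constructed Windows telemetry. This is an added example, not code from the article or from any vendor: the event fields mirror Sysmon process-creation and file-write records but are simplified, and the allowlisted service account, host names and paths are invented.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Built-in tools the article names as wiper precursors. The allowlist is a hypothetical
# service account from which bulk-copy jobs are expected; anything else is "unexpected".
WATCHED_TOOLS = {"diskpart.exe", "robocopy.exe", "fsutil.exe"}
APPROVED_ADMINS = {"CORP\\backup-svc"}
# NETLOGON is served from SYSVOL\sysvol\<domain>\scripts; match the UNC or on-disk form.
NETLOGON_RE = re.compile(r"\\NETLOGON\\|\\SYSVOL\\sysvol\\[^\\]+\\scripts\\", re.I)

@dataclass
class Event:
    kind: str         # "process" (Sysmon ID 1-like) or "file" (Sysmon ID 11-like)
    host: str
    user: str
    image: str = ""   # full path of the started executable
    cmdline: str = ""
    target: str = ""  # path written, for file events

def triage(events):
    """Return (event, rule, detail) for every event matching a precursor rule."""
    hits = []
    for ev in events:
        if ev.kind == "process":
            exe = ev.image.rsplit("\\", 1)[-1].lower()
            if exe in WATCHED_TOOLS and ev.user not in APPROVED_ADMINS:
                hits.append((ev, f"tool:{exe}", f"run by {ev.user}: {ev.cmdline}"))
        elif ev.kind == "file" and NETLOGON_RE.search(ev.target):
            hits.append((ev, "netlogon-write", ev.target))
    return hits

def hosts_to_escalate(hits, threshold=2):
    """Hosts where at least `threshold` distinct rules fired: several precursors on one
    machine are a far stronger signal than a lone admin-tool launch."""
    rules_by_host = defaultdict(set)
    for ev, rule, _ in hits:
        rules_by_host[ev.host].add(rule)
    return sorted(h for h, r in rules_by_host.items() if len(r) >= threshold)

SAMPLE = [  # constructed events, not real telemetry
    Event("process", "DC01", "CORP\\backup-svc", r"C:\Windows\System32\robocopy.exe", r"robocopy D:\Shares \\nas01\bk /MIR"),
    Event("process", "DC01", "CORP\\jdoe", r"C:\Windows\System32\fsutil.exe", "fsutil fsinfo drives"),
    Event("file", "DC01", "CORP\\jdoe", target=r"C:\Windows\SYSVOL\sysvol\corp.local\scripts\logon.bat"),
    Event("process", "WS17", "CORP\\asmith", r"C:\Windows\System32\diskpart.exe", "diskpart"),
]

if __name__ == "__main__":
    found = triage(SAMPLE)
    for ev, rule, detail in found:
        print(f"{ev.host:5} {rule:18} {detail}")
    print("escalate:", hosts_to_escalate(found))
```

The approved backup job is skipped, the lone diskpart launch on WS17 is logged as a single hit, and DC01 is escalated because two different rules fired there.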