
Aug 05 2025
Security

The Rising Tide of Wiper Malware Targeting Federal Security Operations

Agencies remain unprepared despite CISA’s warnings.

Wiper malware poses a serious threat as a weaponized tool that can disrupt and damage U.S. government networks, healthcare facilities and critical infrastructure in today’s era of geopolitical conflict.

The malware permanently destroys data, leaving systems inoperable and recovery nearly impossible.

New variants, some open-source and available on platforms like GitHub, continue to emerge, and many organizations (including government agencies) remain unprepared, despite warnings from the Cybersecurity and Infrastructure Security Agency about nation-state infiltration of U.S. critical infrastructure. Equally concerning is the fact that cyberspace serves as a powerful equalizer, allowing less-resourced organizations to inflict significant impact while evading much of the $100 billion national security apparatus.

Past wiper attacks, such as NotPetya, have crippled government and supply chain services, power grids, water systems and transportation networks, causing chaos and massive financial losses — for example, more than $400 million for FedEx and $670 million for Merck.


Motives Behind Wiper Attacks Differ From Ransomware

Federal security operations (SecOps) teams must understand the threats facing their agencies and implement the right data security measures to protect their environments. This process begins with preventive strategies such as robust data backup, network segmentation and strong endpoint security — all of which are foundational to minimizing the impact of potential cyber incidents.

In addition, agencies should have comprehensive incident response plans designed to address the unique challenges posed by wiper malware attacks. The execution of a wiper malware attack often mirrors that of a ransomware attack, involving similar methods to infiltrate and move within a network. Because agencies have not responded to ransomware attacks on a large scale, they may not be adequately prepared to handle the potentially more serious outcomes associated with destructive malware attacks.

To strengthen their preparedness, it is essential that agencies conduct red-team exercises that simulate real-world attack scenarios, including those involving wiper malware. Red-team engagements and cyber exercises must be redesigned and expanded to include destructive cyberattacks and focus on cyber recovery at scale in the evolving threat landscape. These exercises allow agencies to test their defenses and incident response procedures in a controlled environment, revealing vulnerabilities in systems, security controls and response plans.

By proactively identifying and addressing these weaknesses, agencies can enhance their cyber resilience against wiper malware and ensure they can withstand attacks.


Federal SecOps Teams Should Prioritize Critical Systems

Government and critical infrastructure entities must be prepared to endure attacks and recover rapidly. To effectively defend against wiper malware, it is vital to identify and prioritize the most critical systems. If compromised, these systems could significantly impact an agency’s operations, data integrity and overall mission.

Equally important is identifying the supporting systems on which those critical systems depend, such as servers, routers and firewalls; these are essential to the overall infrastructure and must remain resilient during an attack.

Secure Backups Restore Data and Systems to a Clean State

The Cyber Survivability Endorsement Implementation Guide from the Pentagon’s Joint Chiefs of Staff recognizes the importance of a risk management framework to help Defense agencies identify, assess and mitigate potential risks that could affect their operations or information systems. However, the guide acknowledges that an RMF alone will not be sufficient to ensure the ability to survive various types of cyberattacks.  

A traditional RMF lacks a rapid recovery component, which is why a data backup and recovery strategy that follows zero-trust principles is crucial for protecting against wiper malware.


Agencies need secure data backup and recovery strategies that prioritize air gapping, immutability and robust access controls to protect against wiper malware. Air gapping separates backup systems from the production network, either physically (offline storage media) or logically (network segmentation), so that wiper malware running on the network cannot reach them.

Immutability ensures that attackers cannot modify backups. Even if an adversary gains administrator privileges — or an admin gains unauthorized privileges — neither can disable the immutability, encryption or data protection components.
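Immutability and access controls stop an attacker from altering a backup, but a recovery team still needs to prove, before restoring, that the copy it is about to use is the clean one. The script below is an added example written for this article, not code from FedTech, CDW or any named vendor: it records a SHA-256 manifest of a backup set, authenticates the manifest with an HMAC key that is assumed to be held only on the isolated backup system, and then reports any file that was modified, deleted or added. The backup directory, file contents and key are constructed sample values.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Assumption: the key lives with the air-gapped backup system, never on the
# protected hosts, so a wiper with admin rights on production cannot forge a
# new manifest. Constructed value for the example only.
MANIFEST_KEY = b"constructed-example-key-not-for-production"


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large dumps do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Hash every file in the backup set and sign the listing with the HMAC key."""
    files = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            files[p.relative_to(backup_dir).as_posix()] = hash_file(p)
    body = json.dumps(files, sort_keys=True).encode()
    tag = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return {"files": files, "hmac": tag}


def verify_backup(backup_dir: Path, manifest: dict) -> list[str]:
    """Return findings for a backup copy; an empty list means it matches the manifest."""
    findings = []
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    # Constant-time compare: a forged or edited manifest is rejected outright.
    if not hmac.compare_digest(expected, manifest["hmac"]):
        findings.append("manifest HMAC mismatch: manifest itself was altered")
        return findings
    present = {
        p.relative_to(backup_dir).as_posix()
        for p in backup_dir.rglob("*") if p.is_file()
    }
    for rel, digest in manifest["files"].items():
        if rel not in present:
            findings.append(f"missing: {rel}")
        elif hash_file(backup_dir / rel) != digest:
            findings.append(f"modified: {rel}")
    for rel in sorted(present - manifest["files"].keys()):
        findings.append(f"unexpected: {rel}")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed backup set, verify it, then verify again after simulated damage."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "etc").mkdir(parents=True)
        (backup / "db.sql").write_bytes(b"-- constructed sample dump\nCREATE TABLE t(x);\n")
        (backup / "etc" / "app.conf").write_text("mode=prod\n")

        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)

        # Simulated damage to the copy: one file overwritten with zeros, one deleted.
        (backup / "db.sql").write_bytes(b"\x00" * 16)
        (backup / "etc" / "app.conf").unlink()
        damaged = verify_backup(backup, manifest)
    return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean copy findings:", clean)
    print("damaged copy findings:", damaged)
```

The design point is where the key sits: if the manifest and its key were stored beside the backup on a host the attacker controls, an administrator-level compromise could simply regenerate both. Keeping the key on the isolated backup system is what makes the check meaningful, which is the same reason the article stresses that elevated privileges on production must not be able to disable immutability.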

Stronger Collaboration Between IT and Security Teams

Stronger collaboration among government IT, security and compliance teams is essential to enhancing responses and recovery during a wiper malware attack. Too often, security teams are unaware of the measures used to back up and protect data, hindering any recovery efforts.

A rising trend in the private sector is the management of data backup and recovery under the supervision of the CISO. More agencies might benefit from adopting this trend.


Evolving Geopolitical Tensions and Attacks on Critical Infrastructure

The surge in malicious cyber activity by Russian-aligned hacking groups at the end of 2024 and into 2025 could have serious implications for government agencies. Russian threat actors such as Fancy Bear, Gamaredon and Sandworm have intensified attacks on Ukraine and U.S. allies in the European Union, exploiting zero-day vulnerabilities and deploying destructive wipers.

What we’re seeing is a clear trend: State-backed wiper malware operations are growing more aggressive and sophisticated. Agencies must recognize that these types of cyberattacks could severely disrupt government functions, steal sensitive data or undermine critical infrastructure in the future.

The Volt and Salt Typhoon hacking groups are clear indications that nation-state cybercriminals are pre-positioning themselves on IT networks for cyberattacks against critical infrastructure in the event of a major crisis or conflict with the U.S. This evolving threat environment demands urgent attention to building cyber resilience, gathering threat intelligence and proactive data backup and recovery measures across all federal systems.
