3 Steps Every Organization Should Take To Defend Against Wiper Malware

JANUARY 26TH, 2023

By Florian Malecki, Executive Vice President of Marketing, Arcserve

Wiper malware is an alarming threat to your organization’s data. Unlike ransomware, which can encrypt and disable your files until you pay a ransom, wiper malware aims to delete your data permanently and cause as much destruction as possible. Once it infects your system, it will make your data completely unrecoverable. This type of malware is hazardous because there is no possibility that you can recover by paying a ransom.

Wiper malware has grown more common in recent years, with several high-profile attacks making headlines. The destructive WannaCry attack in 2017, which affected hundreds of thousands of computers worldwide, is believed to have been a wiper attack. Other recent notable wiper attacks include Olympic Destroyer, which targeted the Winter Olympics in South Korea in 2018, and ZeroCleare, which targeted the energy and industrial sectors in the Middle East in 2019.

Even the infamous Sony Pictures hack was a wiper attack.

It’s Not Just Criminal; It’s Cyber Warfare

Today, wiper malware is a cyber warfare weapon. As the conflict between Russia and Ukraine continues, Ukraine has seen a withering barrage of wiper attacks. Recently, researchers at Fortinet reported that cybercriminals deployed wiper malware against other countries. In the first half of 2022, seven new wiper variants were used in campaigns against private, government, and military organizations. Indeed, there have been wiper malware attacks in 24 countries other than Ukraine, with some of these attacks targeting critical infrastructure using disk-wiping malware.

One of the fundamental challenges in dealing with wiper threats is that they’re very often difficult to detect and contain. Unlike other forms of malware—which usually make their presence known—wipers erase all traces of themselves once they have completed their destructive work. That makes it difficult for IT security professionals to respond to these attacks and prevent them from spreading.

To defend against wiper threats, your organization must implement robust, multilayered security measures, including regular backups of critical data. It’s also essential to maintain a strong security posture and be alert to signs of a potential wiper attack.

Here are three steps your organization can take to minimize your risk of falling victim to these destructive attacks.

1. Back Up Your Data

The importance of backing up your data can’t be overstated when defending against wiper malware. While backups can’t prevent an attack, they provide a lifeline for restoring data compromised by wiper malware—or any other type of attack.

By properly managing your backups, you can ensure copies of your data are stored separately from your production systems. Should wiper malware, ransomware, or any other malware strike your active IT environment, you can turn to your backups—stored on an immutable storage solution—for restoration. Not only is restoring from backups more cost-effective and faster than paying a ransom to recover data, but it’s likely your only recourse in a wiper attack.

2. Follow the 3-2-1-1 Rule

A 3-2-1-1 data-protection strategy is a best practice for defending against malware, including wiper attacks. This strategy entails maintaining three copies of your data, on two different media types, with one copy stored offsite. The final 1 in the equation is immutable object storage.

Let’s break down the advantages of the 3-2-1-1 strategy.

By maintaining multiple copies of your data, you can ensure that you have a backup available in case one copy is lost or corrupted. That’s imperative in the event of a wiper attack, which destroys or erases data permanently, causing as much destruction as possible.

Storing your data on different media types also helps protect against wiper attacks. For example, you might keep one copy of your data on a hard drive, another at a cloud-based storage service, and the third on a removable drive or tape. This way, if one type of media is compromised, you still have access to your data via the other copies.

Keeping at least one copy of your data offsite—either in a physical location or in the cloud—gives you an additional layer of protection. If a wiper attack destroys onsite copies of your data, you’ll still have access to your offsite backup.

The final advantage is immutable object storage, where continuous snapshots are taken of your data every 90 seconds, ensuring that you can quickly recover it even during a wiper attack. This next-generation data security tool helps safeguard your information and protect it from loss or damage.

3. Air Gap Your Networks

Air gapping is an efficient and effective method for protecting backup data against wiper attacks. There are two types of air gapping: physical and logical. Physical air gapping means disconnecting a digital asset from all other devices and networks, so that it is physically separated from your secure network and from any other computer or network. You can store backup data on media such as tape or disk, then completely disconnect these media from your production IT environment.

Logical air gapping, on the other hand, relies on network and user-access controls to isolate backup data from the production IT environment. Data is pushed to its intended destination, such as immutable storage or a custom appliance, via a one-way street and can only be managed or modified through separate authentication channels.

The beauty of air gapping is that it renders your data virtually invisible to wiper malware attacks, making it nearly impossible for the bad guys to compromise your backups.
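
As an added example (not from the original article or from Arcserve), the following audit checks a backup inventory against the 3-2-1-1 rule from step 2 and the separate-authentication requirement of logical air gapping from step 3. The inventory, the field names and the `corp-ad` / `backup-idp` identity domains are constructed, and the production copy is assumed to count as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # "disk", "cloud", "tape", ...
    offsite: bool
    immutable: bool   # write-once storage (for example, object lock)
    auth_domain: str  # identity system allowed to manage or modify this copy

PROD_AUTH = "corp-ad"  # hypothetical production identity domain (assumption)

def audit_3211(copies, prod_auth=PROD_AUTH):
    """Return the list of gaps for one dataset; an empty list means compliant."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        gaps.append("no offsite copy")
    immutable = [c for c in copies if c.immutable]
    if not immutable:
        gaps.append("no immutable copy")
    elif all(c.auth_domain == prod_auth for c in immutable):
        # Stolen production credentials would still reach the immutable copy's
        # management plane, so the copy is not logically air gapped.
        gaps.append("immutable copy not behind separate authentication")
    return gaps

# Constructed inventory: dataset -> copies (production copy counted as one of three).
INVENTORY = {
    "finance-db": [Copy("prod-san", "disk", False, False, "corp-ad"),
                   Copy("nas-backup", "disk", False, False, "corp-ad"),
                   Copy("dr-site-disk", "disk", True, False, "corp-ad")],
    "hr-files":   [Copy("prod-san", "disk", False, False, "corp-ad"),
                   Copy("tape-vault", "tape", True, False, "backup-idp"),
                   Copy("cloud-lock", "cloud", True, True, "corp-ad")],
    "erp":        [Copy("prod-san", "disk", False, False, "corp-ad"),
                   Copy("tape-vault", "tape", True, False, "backup-idp"),
                   Copy("cloud-lock", "cloud", True, True, "backup-idp")],
}

def audit_inventory(inventory):
    return {dataset: audit_3211(copies) for dataset, copies in inventory.items()}

if __name__ == "__main__":
    for dataset, gaps in audit_inventory(INVENTORY).items():
        print(dataset, "OK" if not gaps else "; ".join(gaps))
```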

Final Takeaway

The increasing spread of wiper malware in the wild is a stark reminder of the dangerous landscape organizations face when protecting their data. A solid, well-managed data backup and recovery plan is the key to ensuring your data is secure in the face of today’s growing threats. No matter what tactics cybercriminals may use to disrupt your access to your data, a robust backup and recovery plan will keep your data secure.

Get expert help building your defenses and deploying a data resilience strategy by choosing an Arcserve technology partner. To learn more about Arcserve products, check out our on-demand demos.
