Lotus data-wiping malware used against Venezuelan energy and utilities organizations
Malware Activity
Summary
The Lotus data-wiping malware was used in targeted attacks against energy and utilities organizations in Venezuela, putting victims at risk of irreversible system destruction. It relies on OhSyncNow.bat and notesreg.bat to weaken defenses, disable accounts, and block normal operations before the final payload runs. The wiper then overwrites drives, clears recovery data, and leaves compromised systems unrecoverable. The activity was observed in the context of a broader late-2025 destructive sequence that escalated into full disk wiping.
Related Happenings
Lotus Wiper destructive campaign targeting Venezuela's energy and utilities sector
Campaign
First: 22.04.2026 13:55
Last: 22.04.2026 13:55
Sources 1
About this happening:
The **Lotus Wiper** operation targeted **Venezuela's energy and utilities sector** in a **destructive campaign** spanning the end of **2025** and the start of **2026**, indicating...
Lotus Wiper destructive activity against Venezuelan energy systems
Malware Activity
First: 22.04.2026 13:55
Last: 22.04.2026 13:55
Sources 1
About this happening:
Researchers uncovered **Lotus Wiper**, a **previously undocumented data wiper**, in **destructive attacks** against **Venezuela**. The operation targeted the **energy and utilitie...
Timeline
- 21.04.2026 21:38 · 2 articles · 1mo ago
Kaspersky analyzes Lotus data-wiping malware against Venezuelan energy targets
Technical Analysis Update
Kaspersky analyzes Lotus, a previously undocumented data-wiping malware uploaded from a machine in Venezuela in mid-December and used in targeted attacks against Venezuelan energy and utilities organizations. The destructive payload is described as being preceded by batch scripts such as OhSyncNow.bat and notesreg.bat that weaken defenses and obstruct normal operations before diskpart, robocopy, and fsutil are used to overwrite drives, clear recovery data, and delete files until compromised systems become unrecoverable.
Sources:
- New Lotus data wiper used against Venezuelan energy, utility firms — www.bleepingcomputer.com — 21.04.2026 21:38