CanisterWorm Wiper Strikes Iranian Networks, Erases Recovery Partitions
KrebsOnSecurity has identified a new destructive payload dubbed CanisterWorm, specifically targeting Iranian government and industrial systems. The malware is delivered via a bespoke dropper that first gains execution, then encrypts files on the host and removes the system’s recovery partitions, effectively rendering standard restoration methods useless.
The campaign appears designed to inflict irreversible operational disruption, potentially crippling critical infrastructure and governmental services. Defenders should monitor for the dropper’s indicators of compromise, update endpoint detection rules, and verify the integrity of backup and recovery mechanisms to mitigate similar wiper threats.