Highly destructive Lotus Wiper used in a targeted attack
TLP: WHITE | Author: AlienVault | Created: 2026-04-21 | Modified: 2026-04-21
A highly targeted destructive wiper campaign dubbed 'Lotus Wiper' was discovered targeting the energy and utilities sector in Venezuela during late 2025 and early 2026. The attack begins with batch scripts that coordinate execution across networks, using domain shares as trigger mechanisms. These scripts disable security services, lock out users, and prepare the environment for the final payload. The Lotus Wiper systematically destroys data by wiping physical drives with zeros, deleting restore points, clearing USN journals, and recursively deleting files. Unlike ransomware, this wiper has no financial motivation and makes no ransom demands; it is designed purely for data destruction. Evidence suggests the attackers maintained long-term domain access prior to the attack, and the wiper was compiled months before deployment. The malware targets older Windows systems and uses legitimate system tools such as diskpart, robocopy, and fsutil.
Indicators of Compromise (3)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 0b83ce69d16f5ecd00f4642deb3c5895 2026-04-21
FileHash-MD5 b41d0cd22d5b3e3bdb795f81421a11cb 2026-04-21
FileHash-MD5 c6d0f67db6a7dbf1f9394d98c1e13670 2026-04-21