Krux
April 5, 2026
Stryker Wiper Attack Wiped 200,000 Devices in Minutes
Published: April 5, 2026 at 12:27 AM
Updated: April 5, 2026 at 12:27 AM
100-word summary
An Iran-linked group claims it wiped over 200,000 devices at medical device giant Stryker on March 11, halting global manufacturing and shipping. The company insists no malware was deployed and this wasn't ransomware, calling it an incident affecting its Microsoft environment. By late March, manufacturing was mostly restored and its electronic ordering system was back online. The attack targeted identity management systems like Active Directory, spreading faster than traditional ransomware. Stryker's recovery hinged on offline backups and restoring endpoints one by one. The gap between "no malware" and mass device wipes shows how quickly attackers can burn down a network without encrypting files.
What happened
An Iran-linked group claims it wiped over 200,000 devices at medical device giant Stryker on March 11, halting global manufacturing and shipping. The company insists no malware was deployed and this wasn't ransomware, calling it an incident affecting its Microsoft environment. By late March, manufacturing was mostly restored and its electronic ordering system was back online. The attack targeted identity management systems like Active Directory, spreading faster than traditional ransomware. Stryker's recovery hinged on offline backups and restoring endpoints one by one.
Why it matters
The gap between "no malware" and mass device wipes shows how quickly attackers can burn down a network without encrypting files.