Adversaries may cause a sustained or permanent loss of view where the ICS equipment will require local, hands-on operator intervention; for instance, a restart or manual operation. By causing a sustained reporting or visibility loss, the adversary can effectively hide the present state of operations. Examples: Industroyer’s data wiper component removes registry “image path” throughout the system and overwrites all files, rendering the system unusable. Some of Norsk Hydro’s production systems were impacted by a LockerGoga infection. This resulted in the company to switch to manual operations.”]
Source: https://collaborate.mitre.org/attackics/index.php/Technique/T0829