KillDisk evolves into ransomware
A malicious program called KillDisk, which has been used in the past to wipe data from computers during cyberespionage attacks, is now encrypting files and asking for an unusually large ransom.
KillDisk was one of the components associated with the Black Energy malware that a group of attackers used in December 2015 to hit a number of Ukrainian power stations, cutting power for countless people. A month before that, it was used against a major news agency in Ukraine.
Since then, KillDisk has been used in other attacks, most recently against several targets from the shipping sector, according to security researchers from antivirus vendor ESET.
However, the most recent versions have evolved and now act like ransomware. Instead of wiping the data from the disk, the malware encrypts it and displays a message asking for 222 bitcoins to restore it. That’s the equivalent of $216,000, an unusually large amount of money for a ransomware attack.
What’s even more interesting is that there’s also a Linux version of KillDisk that can infect both desktop and server systems, the ESET researchers said Thursday in an article. The encryption routine and algorithms are different between the Windows and the Linux versions, and on Linux, there’s another catch: The encryption keys are neither saved locally nor sent to a command-and-control server, and the attackers can’t actually get to them.
“The cyber lawbreakers behind this KillDisk variant cannot provide their victims with the decryption keys to recuperate their files, in spite of those victims paying the incredibly big amount demanded by this ransomware,” the ESET researchers stated.
The good news is that there’s a weakness in the encryption mechanism for the Linux version that makes it possible, though difficult, for the victim to recover the files. With the Windows version, they can’t.
It’s not clear why the KillDisk developers have added this encryption feature. It might be that they’re achieving the same goal as in the past, destruction of data, but with the ransomware tactic there’s also a small chance that they’ll walk away with a large amount of money.