KillDisk malware is now capable of encrypting data. A newly discovered variant of the malware acts like ransomware and demands money in exchange for decryption. KillDisk ransomware was spotted in attacks on industrial control systems, and now researchers are worried that the updated variant will bring ransomware into this sector.
| Short Description | KillDisk malware has been transformed into ransomware, primarily targeting organizations. |
| Symptoms | The files are encrypted with a combination of AES and RSA 1028. |
| Distribution Method | Exploit kits. |
KillDisk Malware Turns into Ransomware: Technical Details
Previous versions of KillDisk were designed to wipe hard drives so that the targeted system would be inoperable. The new iteration of the malware was analyzed by industrial cybersecurity firm CyberX. The researchers discovered that the malware-turned-ransomware uses a combination of RSA and AES algorithms.
KillDisk Encryption Process
Each targeted file is encrypted with an individual AES key, and all of these keys are then encrypted using the RSA 1028 key, which is stored in the body of the malware. Based on this, the researchers concluded that the KillDisk ransomware, or crypto malware, is quite sophisticated and well-written. The newly detected variant shares a lot with previously detected KillDisk samples.
What Data Does KillDisk Ransomware Target?
The crypto malware is able to encrypt a range of files, such as documents, databases, source code, disk images, emails, and media files. In addition, both local partitions and network folders are targeted successfully.
The ransom is 222 Bitcoin, which amounts to $210,000. This alone proves that the ransomware operators will be targeting organizations with great financial resources. The email address provided to affected users is connected to Lelantos, a secure, anonymous email provider available through Tor. As for the Bitcoin address provided for payments, no transactions have been detected there.
KillDisk Ransomware Removal
Even though the ransomware may be targeting organizations, it doesn’t mean that it won’t be leveraged in campaigns on home users. Ransomware operators and malware authors have proven to be extremely flexible in transforming their campaigns to fit a range of malicious purposes.
That being said, the manual provided below will guide you through the removal process of any ransomware, KillDisk included. Depending on your knowledge and experience in malware removal, you can try removing the threat manually or automatically.