KillDisk Malware Now a Ransomware, Organizations Should Prepare
THREAT REMOVAL

KillDisk Malware Now a Ransomware

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by KillDisk and other threats.
Threats such as KillDisk may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

KillDisk malware is now capable of encrypting data. A newly discovered variant of the malware acts like ransomware and demands money in exchange for decryption. KillDisk ransomware was spotted in attacks on industrial control systems, and now researchers are worried that the updated variant will bring ransomware into this sector.

Related: TeleBots Target Ukranian Financial Sector with KillDisk Malware

Threat Summary

Name

KillDisk

TypeRansomware
Short DescriptionKillDisk malware has been transformed into ransomware, primarily targeting organizations.
SymptomsThe files are encrypted with a combination of AES and RSA 1028.
Distribution Method Exploit kits.
Detection Tool See If Your System Has Been Affected by KillDisk

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss KillDisk.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

KillDisk Malware Turns into Ransomware: Technical Details

Previous versions of KillDisk were designed to wipe hard drives so that the targeted system is inoperable. The new iteration of the malware was analyzed by industrial cybersecurity firm CyberX. The researchers discovered that the malware-turned-ransomware is using a combination of RSA and AES algorithms.

KillDisk Encryption Process

Each targeted file encrypted via an individual AES key and then all the keys are encrypted using the RSA 1028 key, which is stored in the body of the malware. Basically, researchers were able to conclude that the KillDisk ransomware, or crypto malware, is quite sophisticated and well-written. The newly detected variant shares a lot with the previously detected KillDisk pieces.

What Data Does KillDisk Ransomware Target?

The crypto malware is able to encrypt a range of files, such as documents, databases, source code, disk images, emails, and media files. In addition, both local partitions and network folders are targeted successfully.

The amount of the ransom is 222 Bitcoin which amounts to $210,000. This alone proves that the ransomware operators will be targeting organizations with great financial resources. The email address provided to affected users is connected to Lelantos, a secure, anonymous email provider available through Tor. As for the Bitcoin address provided for payments, no transactions have been detected there.

KillDisk Ransomware Removal

Even though the ransomware may be targeting organizations, it doesn’t mean that it won’t be leveraged in campaigns on home users. Ransomware operators and malware authors have proven to be extremely flexible in transforming their campaigns to fit a range of malicious purposes.

That being said, the manual provided below will guide you through the removal process of any ransomware, KillDisk included. According to your knowledge and experience in malware removal, you can try removing the threat manually or automatically.

Note! Your computer system may be affected by KillDisk and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as KillDisk.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove KillDisk follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove KillDisk files and objects
2. Find files created by KillDisk on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by KillDisk

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...