Disk-Erasing Malware KillDisk now has Ransomware Element

KillDisk, name of a malware that is notorious for erasing data from a computer's hard drive as well as corrupting it later, currently contains one ransomware component too enabling it to encrypt the victim's files followed with demanding huge ransom.

The developer of KillDisk is a gang named TeleBots that as well created a backdoor malware also called KillDisk that was used to attack and sabotage Ukrainian firms during 2016. In addition, this backdoor Trojan was also used for targeting Ukrainian banks through the malware-laden e-mail attachments. Neowin.net posted this, December 29, 2016.

Previously, KillDisk was known to taint PCs of industrial organizations when it aimed at making desktops and servers unbootable. For that, the malware would not just erase files; however, give fresh names to others.

According to Phil Neray, Vice President of marketing at CyberX, the latest KillDisk edition, after infecting a device, encrypts its hard drive along with all network mapped directories which the organization members may share. The encryption is done utilizing AES and RSA 1028 algorithms, Neray writes within a blog post.

Elaborating on the ransomware, CyberX states the variant gets disseminated through malevolent Office attachments while it exhibits a pop-up missive making a demand of 222 Bitcoins that converted into dollars is about $206,000. KillDisk's excessive ransom as well as its connection with Sandworm indicates profuse execution of ransomware assaults by the gang on industrial-control PC-networks.

In case impacting the appropriate computer, KillDisk is liable for making disastrous results since it wouldn't just infect that system's operating system; however, also the files that are shared over the network.

Currently, things have become even worse with KillDisk working chiefly as ransomware. In this connection Bleeping Computer explains that the malware thus eases in hiding TeleBots' traces, including its backdoor Trojan.

Comparing with other ransomware strains, KillDisk's ransom demand counts a massive amount. Nevertheless, within targeted assaults like these, it is normal to have larger ransom demands. For, in these assaults the criminals try to force from the attacked entity within subsequent e-mail messages, blackmailing that they would expose its sensitive data stolen through TeleBots' backdoor.

» SPAMfighter News - 1/4/2017