KillDisk Ransomware Description
The KillDisk Ransomware is a ransomware Trojan that is being used to extort money from computer users. An earlier version of the KillDisk Ransomware had no encryption capabilities. The latest version, however, does encrypt victims' files in order to demand payment of an enormous ransom. The size of the ransom indicates that the KillDisk Ransomware is likely targeted at businesses and industrial targets specifically. The KillDisk Ransomware uses a sophisticated communications method that involves the Telegram API to connect to its Command and Control server.
Analysis of the KillDisk Ransomware has revealed that each sample of this threat includes a unique Telegram account for communications. The KillDisk Ransomware has full encryption ransomware capabilities, meaning that it encrypts the victim's files using a strong encryption algorithm and then demands the payment of a ransom from the victim. This makes the KillDisk Ransomware a significant threat to the victims' data. The KillDisk Ransomware demands the payment of 222 Bitcoin in exchange for the decryption key. This is a uniquely enormous amount, far beyond what most other ransomware Trojans demand from their victims.
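Because every sample carries its own Telegram account, blocking individual accounts does not help a defender; what can be watched is any Telegram Bot API contact from hosts that have no business using a messaging service. The following is an added detection example, not code from the original article: it assumes the C2 is reached through the public Bot API endpoint `api.telegram.org/bot<token>/<method>`, and the proxy log format and sensitive subnets are constructed.

```python
"""Flag Telegram Bot API traffic from plant or server hosts (added example).

Assumptions (not from the article): traffic is logged by a web proxy as
"<timestamp> <source_ip> <http_method> <url> <status>", and the networks in
SENSITIVE_NETS are OT / server segments that should never reach Telegram.
"""
import ipaddress
import re

# Networks whose hosts should never talk to a messaging API (assumption).
SENSITIVE_NETS = [ipaddress.ip_network("10.20.0.0/16"),   # plant / OT segment
                  ipaddress.ip_network("10.30.0.0/24")]   # server VLAN

# Telegram Bot API request shape: https://api.telegram.org/bot<token>/<method>
BOT_API = re.compile(r"^https?://api\.telegram\.org/bot(?P<token>[^/]+)/(?P<method>\w+)")

# Constructed proxy log lines for the demonstration.
SAMPLE_LOG = """\
2017-01-05T09:12:01Z 10.20.4.17 POST https://api.telegram.org/bot111:AAAredacted/sendMessage 200
2017-01-05T09:12:09Z 10.50.1.8 GET https://update.example.com/patch.cab 200
2017-01-05T09:13:44Z 10.30.0.5 GET https://api.telegram.org/bot222:BBBredacted/getUpdates 200
2017-01-05T09:14:02Z 192.168.7.3 GET https://web.telegram.org/ 200
"""


def in_sensitive_net(ip: str) -> bool:
    """True if the address belongs to one of the monitored segments."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SENSITIVE_NETS)


def find_bot_api_beacons(log: str) -> list:
    """Return one alert dict per Bot API request made from a sensitive host.

    The bot token is truncated in the alert: it identifies only this sample,
    so it is useless as a blocklist entry and should not be spread around.
    """
    alerts = []
    for line in log.splitlines():
        ts, src, _http_method, url, _status = line.split()
        match = BOT_API.match(url)
        if match and in_sensitive_net(src):
            alerts.append({"time": ts, "src": src, "method": match["method"],
                           "token": match["token"][:4] + "..."})
    return alerts


if __name__ == "__main__":
    for alert in find_bot_api_beacons(SAMPLE_LOG):
        print(alert)
```

The Bot API method name (`sendMessage`, `getUpdates`) survives in the alert because it tells the analyst whether the host was reporting in or polling for operator commands.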
How the KillDisk Ransomware Attack Works
The KillDisk Ransomware uses a combination of AES and RSA encryption to make the victim's files inaccessible. The KillDisk Ransomware targets a wide variety of file types, including media files, images, documents, databases, disk images and numerous others. The KillDisk Ransomware will encrypt files on all local drives, on removable storage devices connected to the infected computer, and on drives shared over the network. After encrypting the victim's files, the KillDisk Ransomware displays a ransom note consisting of black text on a bright orange background. The KillDisk Ransomware's ransom note contains the following text:
'We are so sorry, but the encryption
of your data has been succesfully completed,
so you can lose your data or
pay 222 btc to Q194RXqr5WzyNh9Jn3YLDGeBoJxJBigcF
with blockchain info
contact e-mail: email@example.com'
To carry out its attack, the KillDisk Ransomware requires elevated user privileges. The KillDisk Ransomware registers itself as a service and is capable of killing various processes on the infected computer.
The Infection Vectors Used by the KillDisk Ransomware
Most ransomware Trojans spread using phishing or spam email attachments. The KillDisk Ransomware, by contrast, is being used to attack high-profile targets. Attacks involving the KillDisk Ransomware have been observed on chemical plants in certain parts of Eastern Europe. This means that the KillDisk Ransomware is being distributed to these targets using direct phishing campaigns or by breaking into these industries' computer networks directly. Threat analysts have observed direct hacking into these facilities, which involves sophisticated exploitation of known vulnerabilities.
How Businesses and Industries can Protect Their Networks from the KillDisk Ransomware
The people responsible for the KillDisk Ransomware have significant resources and may, in fact, be sponsored by a government organization. Because of this, businesses and industries will need to take significant steps to increase their network security. The most important weakness is that many critical systems may be reachable from the Internet or from the internal network. Human error will expose these systems to hackers, meaning that training is essential. PC security researchers strongly advise the following steps:
- Backup processes must be in place and monitored regularly.
- Employees must be trained appropriately to ensure that they are aware of network security.
- Steps must be taken to ensure that threats cannot spread from one compromised section of the network to another.
- Assessments of networks must be carried out regularly to ensure that vulnerabilities are constantly identified and removed.
- Real-time monitoring of networks and computers must be carried out using reliable security software that is fully up-to-date.
- Network administrators must have images and backups of all critical data.