KillDisk Ransomware

KillDisk Ransomware Description

The KillDisk Ransomware is a ransomware Trojan that is being used to extort money from computer users. An earlier version of the KillDisk Ransomware did not have encryption capabilities. The latest version, however, does encrypt victims' files and demands payment of an enormous ransom. The size of the ransom suggests that the KillDisk Ransomware is aimed specifically at businesses and industrial targets. The KillDisk Ransomware uses a sophisticated communications method, connecting to its Command and Control server through the Telegram API.

Analysis of the KillDisk Ransomware has revealed that each sample of this threat includes a unique Telegram account for communications. The KillDisk Ransomware has full encryption ransomware capabilities: it encrypts the victim's files using a strong encryption algorithm and then demands the payment of a ransom. This makes the KillDisk Ransomware a significant threat to victims' data. The KillDisk Ransomware demands the payment of 222 Bitcoin in exchange for the decryption key, an enormous amount far above what most other ransomware Trojans demand from their victims.
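Because the threat talks to its operators through the Telegram Bot API rather than an attacker-owned domain, the defender's signal is Telegram API traffic from processes and hosts that have no business using it. The following is an added detection example written for this article (not code from the article or from any analysis of the sample); the proxy log format, the host names, the process allowlist and the bot tokens are all constructed. Telegram Bot API requests have the real form `https://api.telegram.org/bot<token>/<method>`, which the example uses to pull out the per-sample token.

```python
import re
from collections import defaultdict

# Constructed web-proxy log lines in a hypothetical key=value format (sample data, not from the article).
SAMPLE_LOG = """\
2017-01-04T09:12:03Z host=ENG-WS-07 user=jdoe proc=chrome.exe dst=www.example.com:443 path=/
2017-01-04T09:14:41Z host=ENG-WS-07 user=jdoe proc=svchost.exe dst=api.telegram.org:443 path=/bot000000000:EXAMPLE_TOKEN/sendMessage
2017-01-04T09:14:45Z host=ENG-WS-07 user=jdoe proc=svchost.exe dst=api.telegram.org:443 path=/bot000000000:EXAMPLE_TOKEN/getUpdates
2017-01-04T09:20:10Z host=HR-LAPTOP-02 user=asmith proc=Telegram.exe dst=api.telegram.org:443 path=/
2017-01-04T09:31:55Z host=PLC-HMI-01 user=operator proc=svchost.exe dst=api.telegram.org:443 path=/bot111111111:OTHER_TOKEN/getUpdates
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>[^:\s]+):(?P<port>\d+) path=(?P<path>\S*)$"
)
# Telegram Bot API calls look like /bot<token>/<method>; the token identifies the bot account.
BOT_PATH_RE = re.compile(r"^/bot(?P<token>[^/]+)/(?P<method>[A-Za-z]+)")

TELEGRAM_API_HOSTS = {"api.telegram.org"}
# Constructed allowlist: the only process expected to reach the Telegram API on these machines.
ALLOWED_PROCS = {"telegram.exe"}


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_telegram_c2(log_text):
    """Return Telegram API requests made by processes that are not on the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["dst"] not in TELEGRAM_API_HOSTS:
            continue
        if rec["proc"].lower() in ALLOWED_PROCS:
            continue
        bot = BOT_PATH_RE.match(rec["path"])
        hits.append({
            "ts": rec["ts"],
            "host": rec["host"],
            "proc": rec["proc"],
            "token": bot.group("token") if bot else None,
            "method": bot.group("method") if bot else None,
        })
    return hits


def tokens_by_host(hits):
    """Group the observed bot tokens per host; one token per host matches the one-account-per-sample pattern."""
    out = defaultdict(set)
    for h in hits:
        if h["token"]:
            out[h["host"]].add(h["token"])
    return dict(out)


if __name__ == "__main__":
    for h in find_telegram_c2(SAMPLE_LOG):
        print(f'{h["ts"]} {h["host"]} {h["proc"]} -> {h["method"]} (token {h["token"]})')
    print(tokens_by_host(find_telegram_c2(SAMPLE_LOG)))
```

The request path is only visible where the proxy terminates TLS; without inspection, the destination name (from DNS or the TLS SNI) is the signal, and the same process-allowlist rule still applies to it.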

How the KillDisk Ransomware Attack Works

The KillDisk Ransomware uses a combination of AES and RSA encryption to make the victim's files inaccessible. It targets a wide variety of file types, including media files, images, documents, databases, disk images and numerous others. The KillDisk Ransomware encrypts files on all local drives, on removable storage devices connected to the infected computer and on network shares. After encrypting the victim's files, the KillDisk Ransomware displays a ransom note consisting of black text on a bright orange background. The KillDisk Ransomware's ransom note contains the following text:

'We are so sorry, but the encryption
of your data has been succesfully completed,
so you can lose your data or
pay 222 btc to Q194RXqr5WzyNh9Jn3YLDGeBoJxJBigcF
with blockchain info
contact e-mail: vuyrk568gou@lelantos.org'

To carry out its attack, the KillDisk Ransomware requires elevated privileges. It registers itself as a service and is capable of killing various processes on the infected computer.
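A service installation is a loud event on Windows: the Service Control Manager writes Event ID 7045 ("A service was installed in the system") to the System log with the service name, image path, start type and account. The following added example (written for this article, not code from the article or from any sample analysis) triages constructed 7045 records and flags the patterns a newly registered malicious service tends to share: an executable sitting in a user-writable directory, a system-binary name used outside System32, and the LocalSystem account. The event records, service names and paths are all constructed; only the event ID and its field names are real.

```python
import re

# Constructed Windows System log records (hypothetical sample data, not from the article).
# Event ID 7045 is the Service Control Manager's "A service was installed in the system" event.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "Windows Update Helper",
     "ImagePath": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe",
     "StartType": "auto start", "Account": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "Sysmon64",
     "ImagePath": r"C:\Windows\Sysmon64.exe",
     "StartType": "auto start", "Account": "LocalSystem"},
    {"EventID": 7036, "ServiceName": "Sysmon64", "State": "running"},  # state change, not an install
    {"EventID": 7045, "ServiceName": "AcmeBackup",
     "ImagePath": '"C:\\Program Files\\Acme\\backup.exe"',
     "StartType": "demand start", "Account": "NT AUTHORITY\\LocalService"},
    {"EventID": 7045, "ServiceName": "plcsync",
     "ImagePath": '"C:\\ProgramData\\plcsync\\plcsync.exe" -k',
     "StartType": "auto start", "Account": "LocalSystem"},
]

# Directories an unprivileged user can write to; a service binary normally lives elsewhere.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)
# System binary names that malware commonly borrows; the legitimate copies live in System32.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Captures the executable from an ImagePath, dropping surrounding quotes and command-line arguments.
EXE_RE = re.compile(r'^\s*"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)


def executable_from_image_path(image_path):
    """Return the lowercase executable path from a service ImagePath (quotes and arguments removed)."""
    m = EXE_RE.match(image_path)
    return (m.group("exe") if m else image_path).strip().lower()


def classify_service_install(event):
    """Return the list of reasons a 7045 record looks suspicious; an empty list means it looks benign."""
    reasons = []
    exe = executable_from_image_path(event["ImagePath"])
    if exe.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("image in user-writable directory")
    name = exe.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARY_NAMES and not exe.startswith(SYSTEM32):
        reasons.append("system binary name outside System32")
    # LocalSystem alone is normal for services, so it is only reported alongside another indicator.
    if reasons and event.get("Account", "").lower() == "localsystem":
        reasons.append("runs as LocalSystem")
    return reasons


def find_suspicious_service_installs(events):
    """Return (service name, reasons) for every 7045 record that has at least one indicator."""
    flagged = []
    for e in events:
        if e.get("EventID") != 7045:
            continue
        reasons = classify_service_install(e)
        if reasons:
            flagged.append((e["ServiceName"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in find_suspicious_service_installs(SAMPLE_EVENTS):
        print(f"{name}: {', '.join(reasons)}")
```

The directory and name checks are deliberately coarse; in a real environment they would be tuned against the baseline of services the organisation actually installs, and a 7045 event on an engineering or HMI workstation would warrant a look regardless of path.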

The Infection Vectors Used by the KillDisk Ransomware

Most ransomware Trojans spread through phishing or spam email attachments. The KillDisk Ransomware, by contrast, is being used to attack high-profile targets: attacks involving it have been observed at chemical plants in parts of Eastern Europe. This indicates that the KillDisk Ransomware is being distributed to these targets through direct phishing campaigns or by breaking into these industries' computer networks directly. Threat analysts have observed direct intrusions into these facilities involving sophisticated exploitation of known vulnerabilities.

How Businesses and Industries can Protect Their Networks from the KillDisk Ransomware

The people responsible for the KillDisk Ransomware have significant resources and may, in fact, be sponsored by a government organization. Because of this, businesses and industries need to take significant steps to increase their network security. The most important weakness is that many critical systems may be reachable from the Internet or from an internal network, and human error will expose these systems to attackers, which is why training is essential. PC security researchers strongly advise the following steps:

  • Backup processes must be in place and monitored regularly.
  • Employees must be trained appropriately so that they are aware of network security.
  • Steps must be taken to ensure that threats cannot spread from one compromised section of the network to another.
  • Assessments of networks must be carried out regularly so that vulnerabilities are continually identified and removed.
  • Real-time monitoring of networks and computers must be carried out using reliable security software that is fully up to date.
  • Network administrators must have images and backups of all critical data.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
