KillDisk is destructive malware that gained notoriety as a component of successful attacks performed by the BlackEnergy group against the Ukrainian power grid in December 2015 and of attacks against one of the country’s main news agencies in November 2015.
KillDisk attack campaigns continued throughout December, aimed at several targets in the sea transportation sector in Ukraine.
The encryptor malware demands a very high ransom in return for the encrypted files: 222 Bitcoin, which is approximately USD 250,000 at the time of writing. The recent ransomware variants of KillDisk can target not only Windows systems but also Linux machines, something we don’t see every day.
The Linux variant has a big twist that is important to note: paying the ransom for the recovery of encrypted files is a waste of time and money. The encryption keys generated on the affected host are neither saved locally nor transmitted to a C&C server.
It is very important to re-emphasize that the cyber criminals behind this KillDisk variant cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware.