
Destructive KillDisk Malware Turns Into Ransomware

wiredmikey writes from a report via SecurityWeek: A recently discovered variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them. Since KillDisk has been used in attacks aimed at industrial control systems (ICS), experts are concerned that threat actors may be bringing ransomware into the industrial domain. CyberX VP of research David Atch told SecurityWeek that the KillDisk variant they have analyzed is a well-written piece of ransomware, and victims are instructed to pay 222 bitcoins ($210,000) to recover their files, which experts believe suggests that the attackers are targeting "organizations with deep pockets." From the report: "The ransomware is designed to encrypt various types of files, including documents, databases, source code, disk images, emails and media files. Both local partitions and network folders are targeted. The contact email address provided to affected users is associated with Lelantos, a privacy-focused email provider only accessible through the Tor network. The Bitcoin address to which victims are told to send the ransom has so far not made any transactions. Atch pointed out that the same RSA public key is used for all samples, which means that a user who receives a decryptor will likely be able to decrypt files for all victims. According to CyberX, the malware requires elevated privileges and registers itself as a service. The threat terminates various processes, but it avoids critical system processes and ones associated with anti-malware applications, likely to avoid disrupting the system and triggering detection by security products."
  • by Cajun Hell ( 725246 ) on Wednesday December 28, 2016 @06:23PM (#53567793)
    So can every KillDisk user upgrade now, to fix the deleted-files problem? Or does the ransom change need to be pulled by a bunch of different branch maintainers first?
  • Thank you, experts, for informing us that the type of people targeted by a demand for a rather large amount of money are those with deep pockets. I thought they were hitting up low income housing for $210k just to be assholes.
