What is KillDisk and how to get rid of it?

Usually we talk about ransomware that infects the computers of ordinary users and tries to get money from them for decrypting their own data. However, we could not ignore an event such as the appearance of ransomware based on the KillDisk virus. This virus was originally used for industrial sabotage, espionage and erasing sensitive information. The creators of the virus are considered to be a group of hackers called Sandworm, which was later renamed TeleBots (or joined another hacker group with the same name). The only good thing that can be said about these hackers is that they do not harm ordinary users and aim exclusively at representatives of big business. The KillDisk and Sandworm viruses have been seen in cyber-attacks on many banks and large companies, in particular during an attack by the BlackEnergy hackers on Ukrainian energy companies.

The main objective of these groups is espionage on behalf of other large companies or of the governments of some countries. With this in mind, we can say that the TeleBots hackers aren’t interested in directly extorting money from their victims, since their services are fully paid for. It is believed that the hackers built a ransomware element into the KillDisk virus to cover up the attack. On finding ransomware in its systems, the company will simply remove it and restore the data, and will not look for other signs of undesirable activity (at least, that is what the hackers hope). In addition, if the company pays the ransom (which is “only” 222 BTC or $215,000), this will be a nice addition to the initial fee.

The main difference between the KillDisk ransomware and the ransomware usually found on the Internet is that this virus is backed by a large group of hackers and does not choose its victims blindly. Otherwise, it is ordinary ransomware. Each affected file is encrypted separately using the AES algorithm, and the resulting keys are encrypted using the RSA algorithm, which completely eliminates the possibility of decrypting the files. Of course, there is the possibility of obtaining the encryption keys by hacking the virus code itself, but that would take a lot of effort from the best specialists in such cases.
