KillDisk malware could be the world's worst ransomware attack

January 6, 2017

Variants of the KillDisk data-wiping malware, known for infecting computers at Ukrainian energy utilities, now appear to be used in what could be the world's most expensive ransom attacks. The attackers are targeting Windows and Linux desktops and servers alike and are demanding an extraordinary 222 bitcoins (about US$247,000) for the return of the data. No one has paid yet, and that is just as well: the attackers could not decrypt the files even if they wanted to, because the encryption keys are neither saved locally nor transmitted to a command-and-control server.

ESET security researchers Robert Lipovsky and Peter Kalnai assert: "Let us underline that the cyber criminals behind the KillDisk malware cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware."

KillDisk was first seen as a simple 'module' used in the 2015 attacks on the Ukrainian energy distributors Prykarpattyaoblenergo and Kyivoblenergo. It is most often distributed through phishing, the tactic favoured by its suspected Russian authors, and it can wreck thousands of different file types. The new ransomware attacks are "artistic", Lipovsky and Kalnai note, using iconography from the hacker television series Mr. Robot. On Linux the ransom message is displayed by the overwritten GRUB bootloader and apologises for encrypting the files.
Although the KillDisk authors failed outright in their bid to make money from the ransomware, they avoided some of the encryption mistakes common among other criminals: the Linux variant applies Triple-DES to 4096-byte file blocks, and each file is encrypted with its own set of 64-bit keys. Yet they stumbled again by leaving a weakness in the Linux version that lets victims recover their files, with significant effort and some luck. Windows victims have no such option at this stage.

"The recent addition of ransomware functionality seems a bit unusual, as previous attacks were cyber-espionage and cyber-sabotage operations," the researchers say. "It seems more like a nail in the coffin, rather than a true ransomware campaign," the group commented.

Source: ESET.
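As an added illustration (this is not KillDisk's code, and the page does not reproduce any), the following Go program implements the Linux scheme as the article describes it: Triple-DES applied to a file read in 4096-byte blocks, with a fresh set of three 64-bit DES keys drawn per file. The cipher mode (CBC with a random IV) and the PKCS#7 padding are assumptions; so are the function names. Its point is the one ESET makes: once WipeLikeKillDisk returns, the only copy of the key set is gone, so no ransom payment can buy recovery. The weakness ESET found in the real Linux variant is not described on this page and is not reproduced here.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

const (
	chunkSize = 4096              // the 4096-byte file blocks the article describes
	keySetLen = 3 * des.BlockSize // three 64-bit DES keys make one Triple-DES key set
)

// NewFileKeySet draws a fresh 24-byte Triple-DES key set for one file.
func NewFileKeySet() ([]byte, error) {
	key := make([]byte, keySetLen)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// pad and unpad apply PKCS#7 padding to the 8-byte DES block size (assumed;
// the article does not say how the real malware handles the final short block).
func pad(b []byte) []byte {
	n := des.BlockSize - len(b)%des.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%des.BlockSize != 0 {
		return nil, errors.New("not a whole number of blocks")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > des.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// EncryptFile encrypts one file's contents with 3DES-CBC (mode assumed) under
// key, feeding the cipher 4096 bytes at a time the way a file-walking wiper
// reads from disk. Output is IV || ciphertext.
func EncryptFile(plaintext, key []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	enc := cipher.NewCBCEncrypter(block, iv)
	src := pad(append([]byte(nil), plaintext...))
	out := append([]byte(nil), iv...)
	buf := make([]byte, chunkSize)
	// chunkSize is a multiple of 8 and src is padded, so every chunk is whole blocks.
	for off := 0; off < len(src); off += chunkSize {
		end := off + chunkSize
		if end > len(src) {
			end = len(src)
		}
		enc.CryptBlocks(buf[:end-off], src[off:end])
		out = append(out, buf[:end-off]...)
	}
	return out, nil
}

// DecryptFile reverses EncryptFile. It only works with the exact key set the
// file was encrypted under; any other key yields a padding error or garbage.
func DecryptFile(data, key []byte) ([]byte, error) {
	if len(data) < 2*des.BlockSize || len(data)%des.BlockSize != 0 {
		return nil, errors.New("ciphertext too short or misaligned")
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	dec := cipher.NewCBCDecrypter(block, data[:des.BlockSize])
	out := make([]byte, len(data)-des.BlockSize)
	dec.CryptBlocks(out, data[des.BlockSize:])
	return unpad(out)
}

// WipeLikeKillDisk is the behaviour ESET describes: encrypt under a per-file
// key set and keep the key neither on disk nor on a C2 server. When this
// function returns, the key is unreachable and the data is as good as wiped.
func WipeLikeKillDisk(plaintext []byte) ([]byte, error) {
	key, err := NewFileKeySet()
	if err != nil {
		return nil, err
	}
	return EncryptFile(plaintext, key) // the key goes out of scope here
}

func main() {
	doc := bytes.Repeat([]byte("grid telemetry record\n"), 450) // constructed sample file, ~9.9 KB
	key, _ := NewFileKeySet()
	ct, _ := EncryptFile(doc, key)
	pt, _ := DecryptFile(ct, key)
	fmt.Printf("with the key set: %d bytes recovered, match=%v\n", len(pt), bytes.Equal(pt, doc))
	wiped, _ := WipeLikeKillDisk(doc)
	guess, _ := NewFileKeySet()
	_, err := DecryptFile(wiped, guess)
	fmt.Printf("after the wipe, with a guessed key set: err=%v\n", err)
}
```

The per-file key set is the whole game for a responder: a real ransomware operation would wrap each file key with the operator's public key and leave that blob with the victim, which is the artefact to look for during triage. If, as here, nothing of the kind is written or sent, treat the incident as destructive wiping and plan recovery from backups rather than around a ransom negotiation.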
Copyright © Internet Security.ca