
KillDisk malware could be the world's worst ransomware attack


January 6, 2017

It appears that a few variants of the KillDisk data-wiping malware, famous for infecting computers in Ukrainian energy utilities, are now being used in what could be the world's most expensive ransom attacks.

The attackers are targeting Windows and Linux desktops, and even servers, and are demanding an incredible 222 bitcoins (US $247,000) for the data to be returned.

No one has paid yet, and that's a good thing: the attackers cannot decrypt files, because the encryption keys are neither saved locally nor transmitted to command and control servers.

ESET internet security researchers Robert Lipovsky and Peter Kalnai assert: "Let us underline that the cyber criminals behind the KillDisk malware cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware."

The malware itself was first discovered as a simple 'module' employed in the 2015 attacks against Ukraine's Prykarpattya Oblenergo and Kyivoblenergo energy facilities.

It is distributed most often through various phishing schemes, the tactic used by its suspected Russian authors. It's capable of wrecking thousands of different file types.

Those attacks were "artistic", Lipovsky and Kalnai assert, using iconography from the hacker hit show Mr Robot.

The ransomware message is splashed in the overwritten GRUB bootloader and apologises for encrypting files.

While the KillDisk authors utterly failed in their bid to earn money from the ransomware, they avoided encryption mistakes common to other blackhats: they use Triple-DES applied to 4096-byte file blocks, with each file encrypted using a different set of 64-bit encryption keys.

But they fell flat on their face again by opening up a security hole that lets Linux users decrypt files with significant effort and some luck.

Windows users have no such option at this stage, however. "The recent addition of ransomware functionality seems a bit unusual, as previous attacks were cyber-espionage and cyber-sabotage operations," the researchers say.

"It seems more like a nail in the coffin, rather than a true ransomware campaign," the group commented.

Source: ESET Internet Security LLC.

Copyright © Internet Security.ca