KillDisk Malware App Adds Ransomware To Its Disk Wiping Repertoire

With a name like 'KillDisk', it's not hard to imagine what the malware it represents sets out to accomplish. Add on a good helping of ransomware, and KillDisk becomes the kind of malware that can give people nightmares, not to mention a lot of undue stress.

In the past, KillDisk malware has infected computers in the industrial sector, with the goal of rendering servers or desktops essentially unbootable. This was accomplished not only by deleting files, but also by renaming others. In effect, it's designed to create a very bad day for the person who has to deal with the mess.

Recently, it's been discovered that KillDisk received an upgrade, adding a ransomware component. Once a machine is infected, a Mr. Robot-esque graphic (below) is displayed, followed by a message requesting that the equivalent of $215,000 USD in Bitcoin be paid so that the affected person's data can be accessed again.

[Image: "We Are FSociety" graphic]

Ransomware isn't new, but KillDisk's implementation is particularly brutal. Rather than encrypting an entire disk's worth of data with a single key, KillDisk encrypts every affected file with its own AES key, which is then encrypted with an RSA-1024 public key. Once the ransom is paid, the user would be provided a private key to unlock everything in one fell swoop.

If KillDisk affects the right computer, the results could be disastrous: not only would that PC's OS be infected, but so too would the files on drives mounted as network shares.

As it stands today, it looks as though KillDisk and its related malware target only companies, not end-users - so we can remain calm (for now). Past that, it seems to infect mostly those who carelessly open email attachments, so yet again, we see an example of disastrous malware that can be so easily avoided.