Recent News - ESET Discovered a Variant of the Destructive KillDisk Malware that Encrypts Linux Machines


2017-01-05

The new variant of KillDisk encrypts Linux machines, making them unbootable with data permanently lost. Despite the fact that the malware’s design doesn’t allow for the recovery of encrypted files, as encryption keys are neither stored nor sent anywhere, the criminals behind KillDisk demand 250 thousand USD in Bitcoins. Fortunately, ESET researchers found a weakness in the encryption employed which makes recovery possible, albeit difficult.

“KillDisk serves as another example of why paying ransom should not be considered an option. When dealing with criminals, there’s no guarantee of getting your data back – in this case, the criminals clearly never intended to deliver on their promises. The only safe way of dealing with ransomware is prevention. Education, keeping systems updated and fully patched, using a reputable security solution, keeping backups and testing the ability to restore – these are the components of true insurance,” says Robert Lipovský, ESET Senior Researcher.

KillDisk is a destructive malware that gained notoriety as a component of the successful attack performed by the BlackEnergy group against the Ukrainian power grid in December 2015. More recently, ESET researchers detected planned cyber-sabotage attacks against a number of different targets within Ukraine’s financial sector. Since then, KillDisk attack campaigns have continued, aimed at several targets in the maritime transport sector.

The attack toolset has evolved and recent variants of KillDisk serve as file-encrypting ransomware. Initially targeting Windows systems, the version targeting Linux machines - not only affects Linux workstations but also servers, amplifying the damage potential.

 
Figure 1 - Linux KillDisk ransom message. In the Windows variant, the ransom message is exactly the same, including the ransom amount, Bitcoin address, and contact email.

Learn more about KillDisk targeting Linux machines in the blogpost published on ESET’s official blog, WeLiveSecurity.com.


 

About ESET
ESET®, the pioneer of proactive protection and the maker of the award-winning ESET NOD32® technology, is a global provider of security solutions for businesses and consumers. For over 26 years, the Company continues to lead the industry in proactive threat detection. By obtaining the 80th VB100 award in June 2013, ESET NOD32 technology holds the record number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. In addition, ESET NOD32 technology holds the longest consecutive string of the VB100 awards of any AV vendor. ESET has also received a number of accolades from AV-Comparatives, AV-TEST and other testing organisations and reviews. ESET NOD32® Antivirus, ESET Smart Security®, ESET Cyber Security® (solution for Mac), ESET® Mobile Security and IT Security for Business are trusted by millions of global users and are among the most recommended security solutions in the world.

ESET recently updated its two-factor authentication (2FA) application, adding a secure validation to weak and static user passwords. This updated version of ESET’s 2FA application provides flexibility and deeper integration of 2FA into bespoke applications, making it the best cost-effective solutions for SMBs everywhere.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Jena (Germany), Prague (Czech Republic) and Sao Paulo (Brazil). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia) and an extensive partner network for more than 180 countries. For more information visit http://eset.version-2.sg/ or follow us on Facebook.

 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

For more information, please visit www.version-2.com.sg or call (65) 6296-4268.

Previous News Next News

Return to the previous page