Friday, 6 January 2017

ESET discovers Linux ransomware scam

A new variant of KillDisk that encrypts Linux machines has been discovered, says ESET. The malware makes them unbootable, with data permanently lost. 

Although the malware’s design does not allow for the recovery of encrypted files, as encryption keys are neither stored nor sent anywhere, the cyber criminals behind KillDisk demand US$250,000 in Bitcoins. 

Fortunately, ESET researchers found a weakness in the encryption employed which makes recovery possible. “KillDisk serves as another example of why paying ransom should not be considered an option. When dealing with criminals, there’s no guarantee of getting your data back – in this case, the criminals clearly never intended to deliver on their promises. The only safe way of dealing with ransomware is prevention. Education, keeping systems updated and fully patched, using a reputable security solution, keeping backups and testing the ability to restore – these are the components of true insurance,” says Robert Lipovský, ESET Senior Researcher.

KillDisk gained notoriety as a component of the successful attack performed by the BlackEnergy group against the Ukrainian power grid in December 2015. Since then, KillDisk attack campaigns have continued, aimed at several targets in the maritime transport sector. KillDisk initially targeted Windows systems; the version targeting Linux machines affects both workstations and servers, amplifying the damage potential.

Interested?

Learn more about the KillDisk version targeting Linux machines in an ESET blog post
