KillDisk, the fake ransomware that erases all your data

Discovered by Trend Micro experts, it blocks access to your computer and demands a ransom. On closer inspection, however, it is not the “usual” ransomware.

Pulling the strings behind the scenes are most likely the cybercriminals of Telebots, a group of Russian origin specialized in cyberespionage and, in all probability, also the author of the NotPetya attack. In short, a group with a considerable track record, to which KillDisk, one of the latest cyber threats to appear on the Net, should now be added.

Detected by Trend Micro researchers, KillDisk has caught attention not so much for its spread, which at the moment appears limited to the American continent, as for its anomalous behavior. Although it initially looks like one of the many ransomware families that have been tormenting companies and organizations around the world since the first half of 2017, the malware turns out to be anything but. That transformation makes it even more dangerous than it may initially appear. But let’s take things in order.

How KillDisk behaves

After infecting the computer (downloaded, perhaps, from a compromised email or web portal) and installing itself on the hard drive, KillDisk waits a quarter of an hour before restarting the PC and showing the usual screen with the ransom demand. It is what happens during those 15 minutes that makes KillDisk a very peculiar piece of malware: the malicious software deletes all folders on the hard drive and overwrites the master boot record (the section at the start of the disk that holds the information the computer needs to boot the operating system) so that the computer can no longer start properly.

Even if the user decides to pay the ransom, they would face a double scam: no unlock key and, most importantly, no chance of recovering the deleted files. In short, KillDisk is more of an eraser than a ransomware.

How to defend yourself against KillDisk

The tips for defending yourself against a KillDisk attack do not differ much from those for defending yourself against ransomware and malware in general. First of all, do not open attachments in suspicious emails or in messages from unknown senders. Then avoid clicking on shortened links unless you already know which website they lead to.

In the end, this new type of malware has, if you will, an educational value as well. KillDisk proves once again, if proof were still needed, that you should never pay the ransom during a ransomware infection. Besides the risk of facing malware that erases the contents of the disk and leaves no chance of recovery, it can also happen that the attackers simply vanish with the loot without ever sending the cryptographic unlock key.