Threat Management, Critical Infrastructure Security, Threat Management, Threat Intelligence, Incident Response, Malware, Ransomware, TDR

New variant of KillDisk wiper threatens industrial control networks with ransomware

Share

The KillDisk disk-wiper program that was used in conjunction with BlackEnergy malware to attack Ukrainian energy utilities has evolved into ransomware that may be targeting industrial-control networks.

According to researchers at CyberX, the new variant was developed by the TeleBots cybergang, which recently emerged from the Sandworm threat group that is believed to have disrupted the Ukrainian power grid offline in December 2015 and January 2016, and allegedly compromised U.S. industrial-control systems and SCADA systems in 2014. Earlier this year, ESET researchers reported that TeleBots was a using different version of KillDisk to conduct cybersabotage attacks against the Ukrainian financial sector.

In a blog post on Tuesday, CyberX reported that the ransomware variant is distributed via malicious Office attachments and displays a pop-up message demanding 222 Bitcoins, which is currently the equivalent of approximately $206,000. The variant's exorbitant ransom and its link to Sandworm suggests that the group could be actively launching ransomware attacks against industrial-control networks.

KillDisk uses a mix of RSA 1028 public key and AES shared key algorithms to encrypt local hard-drives and network-mapped folders that are shared across organizations, CyberX further reported.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.