KillDisk Ransomware

KillDisk Ransomware is not the kind of threat that regular users are likely to encounter; however, it is possible that its creators will – if they have not done this already – come up with a different version created for lower-scale attacks. At the moment, this ransomware appears to be targeted at big companies and organizations, specifically those in Ukraine. According to the recent reports, the infection has been found on the systems linked to banks and energy-related organizations. It is possible that it will perform government-level attacks as well. It is believed that the threat was created by TeleBots, which, supposedly, is a Russia-based group, and, unfortunately, it has the potential to attack ICS/SCADA systems all over the world. The removal of KillDisk Ransomware is a very complex topic, and, if you want to learn more, you should keep reading. If you are left with unanswered questions, use the comments section below to contact us.

Did you know that there are at least two different versions of the devious KillDisk Ransomware? Both versions of this infection are most likely to be downloaded by a Trojan downloader that spreads via an Excel document with a macro. A victim of this ransomware is likely to find the file attached to a spam email, but other methods of distribution could be employed as well. The malicious macro is executed as soon as the victim chooses to Enable Content, and victim’s interaction is required because macro is disabled by default. The execution of macros enables the execution of explorer.exe, a Trojan downloader that, eventually, infiltrates KillDisk Ransomware. Of course, attackers could use this backdoor to infiltrate other malicious tools that could be used to compromise the targeted system in different ways. For example, silent keyloggers could be employed to record entries that might reveal login information and other confidential data.

Although different versions of KillDisk Ransomware can be spread in different ways, they have different tasks once they are executed. One of them is the kind we are used to: It encrypts files, displays a ransom note, and waits for your payment. Even so, it is not comparable with DeriaLock Ransomware, CyberSplitter 2.0 Ransomware, and other malicious infections we have reviewed on our website in the past. This infection demands a shocking 222 BTC ransom for the decryption of the files, and, of course, there are no guarantees that the files would actually be decrypted. If you are not familiar with this virtual currency, you probably do not know that 222 Bitcoins convert to over $240,000. Keep in mind that this currency is highly unstable, and frequent fluctuations are expected. Because the infection demands this much money, our guess is that it is specifically targeted at big earners, including big companies and sensitive organizations.

There is one more version of the dangerous KillDisk Ransomware, and this one is far more damaging than the previously discussed one. While there is a chance – no matter how slim – to get the files back when they are encrypted, it is almost a guarantee that the encrypted files are lost if the system is corrupted by the version that is capable of wiping the hard drive. Of course, this version of the malicious ransomware serves a different purpose. The cyber criminals will not earn any money by wiping hard drives. Obviously, this type of an attack is meant to disrupt work and intimidate its victims. Unfortunately, once the hard drive is wiped, it is unlikely that the data stored on it can be recovered.

Considering that KillDisk Ransomware is most likely to be installed by a Trojan downloader that might have already infiltrated many other infections, it would be irresponsible of us to suggest manual removal. Instead, it is crucial to employ legitimate anti-malware software to have the operating system cleared from the ransomware. Of course, this will not work if the hard drive was wiped completely, but the operating systems corrupted with the ransom-demanding version could be salvaged. Unfortunately, at this time, it is impossible to decrypt the files that are corrupted by the ransomware. If you remove KillDisk Ransomware, the files will remain locked. Needless to say, if a generic decryption key is found, we will inform you about it.