KillDisk Ransomware Targeting Linux

KillDisk is the name given to several malware variants that target different operating systems and, once a system is infected, wipe or encrypt the contents of the hard disk. ESET security researchers uncovered a new variant of this malware that targets the Linux operating system and makes the system unbootable.

This malware was used in the past to attack critical power grid infrastructure in Ukraine. With this variant, the malware can target either Windows or Linux systems, and it locks the GRUB bootloader with a ransom message asking for payment.

KillDisk message (source: ESET)

The message shown in the GRUB bootloader tells the victim where to send the payment. In addition, the malware encrypts 17 directories known to be used by Linux, which makes it impossible for users to recover their data. The cyber criminals use the Triple-DES algorithm, which is considered hard to crack.

“We are so sorry, but the encryption of your data has been successfully completed, so you can lose your data or pay 222 btc to 1Q94RXqr5WzyNh9Jn3YLDGeBoJhxJBigcF with contact”, according to ESET.

If you have been affected by similar malware or any ransomware infection, it is important never to make any payment to the attacker, because there is no guarantee that you will get your data back. The only protection against this malware is applying all security patches, using updated security software, and making backups constantly, with a copy stored offline in case of emergency.
