The KillDisk malware has evolved into a ransomware, and is currently distributed via malicious attachments in emails. It can encrypt both local hard drives and network-mapped folders. Victims have to pay a ransom of 222 bitcoins (about SGD 1,400) for the decryption key.
The threat actors behind KillDisk, known as Sandworm or TeleBots, had previously deployed the KillDisk malware to attack industrial control systems (ICS) and supervisory control and data acquisition (SCADA) industrial devices by deleting and rewriting files.
Comments: To avoid becoming victims of ransomware, organisations should avoid opening and clicking spam or phishing emails with unsolicited attachments, misspellings in domain names, and unknown senders. It is also recommended that organisations back up important files offline and offsite to minimise disruptions to daily operations during a ransomware attack. Victims will also be less compelled to pay ransom to recover encrypted files.