$247,000 KillDisk ransomware demands a fortune, forgets to unlock files

ESET
The cost of ransomware reached close to $1 billion in 2016, and it’s not hard to see why.
The malware family, which targets everything from Windows to Mac machines, executes procedures to encrypt files and disks before demanding a ransom payment in return for keys to decrypt and unlock compromised machines.
However, it is not only the general public which is being targeted with everything from hospitals to schools and businesses now in the firing line.
As the prospect of losing valuable content on computer systems or facing widespread disruption to business operations is often too much to bear, many will simply give up and give in, paying the fee and unfortunately contributing to the cybercriminal’s operations.
However, paying up does not guarantee that victims will get their files back, no matter how low or high the payment demand.
This week, ESET researchers discovered that a Linux variant of KillDisk, linked to attacks against core infrastructure system in Ukraine in 2015, now being used against fresh Ukrainian financial targets.

华平股份(300074)融资融券信息(12-28)
The ransomware demands a huge amount of money, but there is no underwritten protocol for decryption keys to be released once payment is made.
Distributed through phishing campaigns targeting both Windows and Linux, once downloaded, the ransomware throws up a holding page referring to the Mr. Robot television show while files are being encrypted, the research team said in a blog post.
要防止钓鱼网站,关键仍在提高防范意识,不要在公共场所(如网吧、公共图书馆等)使用网上银行,以防止这些计算机可能装有恶意的监测程序。
A message then begins with “we are so sorry…” before demanding a laughable 222 Bitcoin ($247,000).
Unsurprisingly, no-one has paid up yet, nor should they, ever.
“This new variant renders Linux machines unbootable, after encrypting files and requesting a large ransom,” ESET says. “But even if victims do reach deep into their pockets, the probability that the attackers will decrypt the files is small.”
Files are encrypted using Triple-DES applied to 4096-byte file blocks and each file is encrypted using different sets of 64-bit encryption keys. However, the ransomware does not store encryption keys either locally or through a command-and-control (C&C) server, which means that affected systems after reboot are unbootable, and paying the ransom is pointless.
“It is important to note — that paying the ransom demanded for the recovery of encrypted files is a waste of time and money,” the team said. “Let us emphasize that — the cyber criminals behind this KillDisk variant cannot supply their victims with the decryption keys to recover their files, despite those victims paying the extremely large sum demanded by this ransomware.”
See also: Remove ransomware infections from your PC using these free tools | Hit by Globe3 ransomware? This free tool could help you decrypt your files
There is hope, however, for victims. There is a weakness in the encryption used by the ransomware, which makes recovery possible — at least when it comes to Linux infections.
Earlier this week, researchers at Check Point revealed the latest exploits of the GoldenEye ransomware, a strain of malware which is targeting German HR companies. The malware is contained in phishing emails which appear to be from job applicants, and once downloaded and installed, demands $1000 in Bitcoin to unlock infected systems.
Top 10 tech products revealed at CES 2017…
SEE FULL GALLERY
1 – 5 of 10
NEXT
PREV
More security news
US intelligence: 30 countries building cyber attack capabilities
Hit by Globe3 ransomware? This free tool could help you decrypt your files
This ransomware targets HR departments with fake job applications
This Android-infecting Trojan malware uses your phone to attack your router
应用程序白名单让安全可控,自带设备BYOD让企业安全问题的管理日益艰难,制定白名单不失为上策,不过也要考虑不能过于打击员工的士气和创造性。

猜您喜欢

互联网金融移动APP与虚假WIFI的信息安全教训
电子邮件安全意识仍然很重要
借助云端EHS培训服务快速建立安全与健康检查培训体系
奥巴马荣誉告别仪式一士兵晕倒
AMHGROUP HITC
大数据时代的大安全