KillDisk Wiper (aef0fdd4-38b6-11e8-afdd-3b6145112467)

KillDisk, along with the multipurpose, cyberespionage-related BlackEnergy, was used in cyberattacks in late December 2015 against Ukraine’s energy sector as well as its banking, rail, and mining industries. The malware has since metamorphosed into a threat used for digital extortion, affecting Windows and Linux platforms. The note accompanying the ransomware versions, as in the case of Petya, was a ruse: because KillDisk also overwrites and deletes files (and does not store the encryption keys on disk or online), recovering the scrambled files was out of the question. The new variant we found, however, does not include a ransom note.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| KillDisk (e81f3e3f-966c-4c99-8d4b-fc0a1d3bb027) | Malpedia | KillDisk Wiper (aef0fdd4-38b6-11e8-afdd-3b6145112467) | Tool | 1 |