SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
10 Jan 2017

KillDisk ransomware targets Linux

What will you do if Ransomware infects you? Should you pay or not to recover your files?

The FBI advises - Pay off the criminals to get your files back if you don't have a backup. But paying off a ransom to cyber criminals is not a wise option because there is no guarantee that you'll get the decryption key in return.

In the latest incident, the new variant of KillDisk ransomware has been found encrypting Linux machines, making them unbootable with data permanently lost. KillDisk is a destructive data wiping malware that has previously been used to sabotage companies by randomly deleting files from the computers. KillDisk is the same component associated with the Black Energy malware that was used to hit several Ukrainian power stations in 2015, cutting power for thousands of people.

But according to ESET security researchers, the nasty KillDisk disk wiper malware is back with new variants that target Windows and Linux desktops and servers, encrypt files and then ask for an unusually large ransom:

Around $218,000 in Bitcoins – possibly the world's most expensive ransom attacks. What's even worst? Linux variant of the KillDisk ransomware does not store the encryption key anywhere on disk or command-and-control server. So, even after you pay this extremely large ransom, you are not going to get any decryption key for recovery of your important files.

The good news is that ESET researchers have found a weakness in the encryption employed by the Linux variant which makes recovery of encrypted files possible, though difficult. But the same flaw doesn't exist in the Windows variant of the KillDisk ransomware.

KillDisk Deletes your Files Even After Paying $218,000

According to researchers, the files of victims targeted with the Linux variant of the malware are encrypted using "Triple-DES applied to 4096-byte file blocks," and each file on the computer is encrypted by a different set of 64-bit encryption keys.

The malware then displays the ransom note in an unusual manner: within the GRUB bootloader, which means the KillDisk Linux ransomware overwrites the bootloader entries to show ransom text that asks victims to pay 222 Bitcoin. But paying off the criminals ransom will not bring your files back, as the Linux variant does not store decryption keys anywhere.

    "KillDisk serves as another example of why paying ransom should not be considered an option. When dealing with criminals, there's no guarantee of getting your data back – in this case, the criminals clearly never intended to deliver on their promises," says Robert Lipovský, ESET Senior Researcher.

Prevention is the Best Practice

So, the only safe way of dealing with ransomware is prevention. The best defense against Ransomware is to create awareness within the organizations, as well as maintaining back-ups that are rotated regularly. Most viruses are introduced by opening infected attachments or clicking on links to malware usually in spam emails. So, DO NOT CLICK on links provided in emails and attachments from unknown sources. Moreover, ensure that your systems are running the latest version of Antivirus software with up to date malware definitions.

Tags:
Linux hackers fraud
Source:
The Hacker News
1931
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015