Names | KillDisk | |
Category | Malware | |
Type | Wiper | |
Description | (Trend Micro) The malware has since metamorphosed into a threat used for digital extortion, affecting Windows and Linux platforms. The note accompanying the ransomware versions, like in the case of Petya, was a ruse: Because KillDisk also overwrites and deletes files (and don’t store the encryption keys on disk or online), recovering the scrambled files was out of the question. The new variant we found, however, does not include a ransom note. | |
Information | <https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/> <http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.killdisk> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:killdisk> |
Last change to this tool card: 14 May 2020
Download this tool card in JSON format
Previous: Kikothac
Next: Killua
Changed | Name | Country | Observed | ||
APT groups | |||||
![]() | Lazarus Group, Hidden Cobra, Labyrinth Chollima | ![]() | 2007-Dec 2020 ![]() | ![]() | |
TeleBots | ![]() | 2015-Oct 2020 ![]() | ![]() |
2 groups listed (2 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1234 | |
![]() |
report@thaicert.or.th | |
![]() |
Download PGP key |