KillDisk Ransomware Targeting Linux
KillDisk is the name of several malwares that target different operating systems and by infecting users it will wipe or encrypt the HD content. ESET security researchers uncovered a new variant of this malware that target Linux operating system and make the system unbootable.
This malware was used in the past to attack critical infrastructure power grid in Ukraine. Now and with this variant the malware is able to target windows operating system or Linux system and will lock the Grub bootloader with the ransom message asking to make payment transaction.
The message in Grub bootloader will display where victim should forward the payment beside this is going to encrypt 17 directory known to be used by Linux. This makes it impossible for users to recover his data. Triple-DES algorithm is used by cyber criminals which considered to be hard to crack.
“We are so sorry, but the encryption of your data has been successfully completed, so you can lose your data or pay 222 btc to 1Q94RXqr5WzyNh9Jn3YLDGeBoJhxJBigcF with blockchain.info contact e-mail:firstname.lastname@example.org” According to ESET
If you have been affected with a similar malware or any ransom infection it is important to never issue any payment to attacker because there is no guarantee that you will have your data back. The only protection against this malware is by applying all security patches using updated security software and making a backup constantly with a copy stored offline in case of emergency.