KillDisk Ransomware

What is KillDisk Ransomware?

KillDisk Ransomware is a malicious computer infection that can successfully wipe out your files, depending on which version of the program enters your system. This is not a random freeware application that you could ignore. The program will be very direct about what it wants from you, and it is obvious that such infections want your money. Computer security experts discourage users from paying the ransom fees because that might not solve anything. When you get infected with KillDisk Ransomware, your best option is to remove this program from your system for good with a licensed antispyware tool because manual removal may not help much.

Where does KillDisk Ransomware come from?

This infection has a pretty disturbing background because it is closely associated with other ransomware applications that exhibit similar behavioral patterns. For example, the security researchers at anti-spyware-101.com say that KillDisk Ransomware is similar to the Petya Ransomware and Mischa Ransomware infections, although all of these programs are created by different criminals. The similarity is that all these programs can do tremendous damage to the affected operating system, aside from encrypting users' files.

KillDisk Ransomware usually has clear targets. We have found that it often attacks banks in Ukraine, thus damaging computer systems at financial institutions. So the ransomware has a very clear distribution network, and it is spread by a hacker group known as the TeleBots group. It means that the application comes in spam email attachments, sent directly to the target computer network. The criminals send an Excel document with a macro to a potential victim. Macros are disabled in Excel by default, so when victims open those files, they are asked to enable macros again. The moment the macro starts working, it drops the explorer.exe file, which functions as a Trojan downloader. The downloader is written in the Rust language, and it connects to a remote command and control center (C&C) to download the ransomware program onto the affected computer.
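
The dropped downloader borrows the name of a Windows system binary, which is something defenders can check for in process-creation logs. The following Python sketch is an added example, not code from the original article or from any vendor tool: the field names follow Sysmon Event ID 1, the sample events are constructed, and it assumes Windows is installed in C:\Windows and that the dropped file is started by the Office process.

```python
import ntpath

# Legitimate locations of explorer.exe (assumes SystemRoot is C:\Windows).
LEGIT_EXPLORER_DIRS = {r"c:\windows", r"c:\windows\syswow64"}
# Office applications that should rarely start arbitrary executables.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}


def classify(event):
    """Return the reasons a process-creation event looks suspicious."""
    image = event["Image"].lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    folder, name = ntpath.split(image)
    reasons = []
    # Rule 1: a system binary name running from a non-system folder.
    if name == "explorer.exe" and folder not in LEGIT_EXPLORER_DIRS:
        reasons.append("explorer.exe outside the Windows directory")
    # Rule 2 (heuristic): an Office document started an executable.
    if parent in OFFICE_PARENTS and name.endswith(".exe"):
        reasons.append("executable launched by an Office application")
    return reasons


def triage(events):
    """Map image path -> reasons for every event that raised a flag."""
    flagged = {}
    for event in events:
        reasons = classify(event)
        if reasons:
            flagged[event["Image"]] = reasons
    return flagged


# Constructed sample events; paths and user name are illustrative only.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"Image": r"C:\Users\alice\Downloads\explorer.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\explorer.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

An event that trips both rules, as the second sample does, is the strongest match for the chain described above.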

What does KillDisk Ransomware do?

This program can do quite a lot of things, depending on which version of the program has entered your system. For example, the hackers who distribute the program may employ different tools to collect sensitive information from your LAN. If we are talking about infected bank computers here, then the criminals could collect information about a financial network and use it for illegal financial operations.

In fact, running the ransomware program is the final step in this infection. Once the program has stolen network administrator-level credentials, the ransomware will display a ransom note, demanding that you pay 222 Bitcoins to retrieve the affected files. This is probably where we understand that KillDisk Ransomware seldom targets ordinary computer users because 222 Bitcoins amounts to around $185,000 USD, and it is highly improbable that an ordinary computer user would be able to collect such a sum of money at short notice.

What’s more, other versions of this infection damage the operating system, and eventually it is not possible to boot the infected computer anymore. If the system gets infected with the version that wipes out the entire disk, restoring files would be virtually impossible. This is why computer security experts always point out how important it is to keep a system backup somewhere. What we mean is that it is a good idea to save copies of your files on an external hard drive or any place else where an infection could not reach them.

If, after the infection, your system does not boot anymore, you should connect your hard drive to other computers and try to back up or restore your files with file restoration programs. Of course, you should do that with the help of a professional.

How do I remove KillDisk Ransomware?

Needless to say, removing the infection would not help much if your operating system is damaged. If you were affected by the version of this program that simply displays the ransom note and encrypts specific files, then you can delete the installer file and use a powerful antispyware tool to scan your PC and delete other potential threats. Considering that KillDisk Ransomware is downloaded by a Trojan downloader, there is a very good chance that you may have more malware on board. As for your files, you can restore them from an external backup if you have one.

Manual KillDisk Ransomware Removal

  1. Open your Downloads folder.
  2. Find the explorer.exe file and delete it.
  3. Scan your PC with the SpyHunter free scanner.