KillDisk Introduces Ransomware Component

On December 28th, 2016, SecurityWeek wrote a story about KillDisk having a new ransomware component. At Hipara, we believe this to be a disinformation tactic by the adversary. The same disinformation tactic has been used when this actor included Mr Robot references and fsociety references in their malware earlier this year during an operation against Ukrainian financial companies.

Nonetheless, you can protect your organization from both attacks with Hipara! Hipara's anti-ransomware module defeats the actor's ability to encrypt files and hold those files hostage.

But what happens when KillDisk is acting as a backdoor and not ransomware? Hipara has you covered! Florian Roth has produced some fantastic Yara signatures to detect this adversary, including BlackEnergy, Dropbear, KillDisk and more! Upload these signatures to your Hipara Server and be protected today!

Haven't deployed Hipara? Email for a trial!

Brett Cunningham

Read more posts by this author.

Subscribe to Hipara Blog

Get the latest posts delivered right to your inbox.

or subscribe via RSS with Feedly!