KillDisk

GPTKB entity

Statements (39)
Predicate Object
gptkbp:instanceOf malware
gptkbp:alsoKnownAs gptkb:Kill_Disk
gptkbp:associatedWith gptkb:Sandworm_group
gptkb:APT28
gptkbp:category cyberweapon
destructive malware
gptkbp:detects gptkb:security
gptkbp:effect data loss
service disruption
system downtime
gptkbp:firstAppearance 2015
gptkbp:function destroys data on hard drives
renders systems unbootable
https://www.w3.org/2000/01/rdf-schema#label KillDisk
gptkbp:language gptkb:C++
C
gptkbp:notableBattle gptkb:2015_Ukraine_power_grid_cyberattack
gptkb:2016_attacks_on_Ukrainian_banks
gptkbp:operatingSystem gptkb:Windows
gptkb:Linux
gptkbp:payload overwrites files with random data
overwrites master boot record
gptkbp:ransomDemanded $218,000 (in some attacks)
gptkbp:removes data recovery often impossible
requires system reinstallation
gptkbp:spreadTo phishing emails
malicious attachments
exploiting vulnerabilities
gptkbp:target gptkb:energy
financial institutions
government organizations
critical infrastructure
gptkbp:type wiper malware
gptkbp:usedIn gptkb:BlackEnergy_attacks
gptkb:Ukrainian_power_grid_attack
cyberattacks
gptkbp:variant gptkb:KillDisk_ransomware_variant
gptkbp:bfsParent gptkb:TA-94
gptkbp:bfsLayer 5