|
gptkbp:instanceOf
|
malware
|
|
gptkbp:alsoKnownAs
|
gptkb:Kill_Disk
|
|
gptkbp:associatedWith
|
gptkb:Sandworm_group
gptkb:APT28
|
|
gptkbp:category
|
cyberweapon
destructive malware
|
|
gptkbp:detects
|
gptkb:security
|
|
gptkbp:effect
|
data loss
service disruption
system downtime
|
|
gptkbp:firstAppearance
|
2015
|
|
gptkbp:function
|
destroys data on hard drives
renders systems unbootable
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
KillDisk
|
|
gptkbp:language
|
gptkb:C++
C
|
|
gptkbp:notableBattle
|
gptkb:2015_Ukraine_power_grid_cyberattack
gptkb:2016_attacks_on_Ukrainian_banks
|
|
gptkbp:operatingSystem
|
gptkb:Windows
gptkb:Linux
|
|
gptkbp:payload
|
overwrites files with random data
overwrites master boot record
|
|
gptkbp:ransomDemanded
|
$218,000 (in some attacks)
|
|
gptkbp:removes
|
data recovery often impossible
requires system reinstallation
|
|
gptkbp:spreadTo
|
phishing emails
malicious attachments
exploiting vulnerabilities
|
|
gptkbp:target
|
gptkb:energy
financial institutions
government organizations
critical infrastructure
|
|
gptkbp:type
|
wiper malware
|
|
gptkbp:usedIn
|
gptkb:BlackEnergy_attacks
gptkb:Ukrainian_power_grid_attack
cyberattacks
|
|
gptkbp:variant
|
gptkb:KillDisk_ransomware_variant
|
|
gptkbp:bfsParent
|
gptkb:TA-94
|
|
gptkbp:bfsLayer
|
5
|