A malware family previously used to sabotage computers by deleting and rewriting files has added a ransomware component, now encrypting files and demanding a huge ransom.
Until now, the KillDisk malware family has been associated only with cyber-espionage and cyber-sabotage operations, most of them carried out in the industrial sector. The group behind this malware is known under two names: Sandworm or TeleBots.
The Sandworm gang is known for its work on the Sandworm malware that targeted and sabotaged industrial control systems (ICS) and supervisory control and data acquisition (SCADA) industrial devices in the US in 2014.
It is believed that the Sandworm gang later evolved into the TeleBots gang, which developed the TeleBots backdoor trojan and the KillDisk disk-wiping malware.