A new variant of the KillDisk malware is reportedly able to encrypt files and hold them for ransom instead of deleting them. KillDisk has been used in attacks aimed at industrial control systems (ICS), and experts are now concerned that threat actors may be introducing ransomware into the industrial domain.
Previous versions of KillDisk wiped hard drives in order to make systems inoperable. However, a new variant observed by CyberX encrypts files using a combination of RSA and AES algorithms. The ransomware is designed to encrypt various types of files, including documents, databases, source code, disk images, emails, and media files. Both local partitions and network folders are targeted.
The industrial domain is being targeted with this ransomware, and organizations operating in it should be prepared and equipped to combat it.