A new variant of the disk wiping malware KillDisk is targeting financial firms in Latin America to wreak havoc without leaving so much as a note.
Trend Micro researchers are still analyzing TROJ_KILLDISK.IUB, the latest version of the malware used in cyberattacks launched in late December 2015 against Ukraine's energy, banking, rail, and mining industries, according to a Monday blog post.
Researchers noted the version has a “self-destruct” feature which doesn't really delete itself, but renames its file while running. The malware also uses a hardcoded file path meaning that it is tightly coupled with its installer.
Initial analysis suggests the malware may be a part of a larger payload, but researchers have yet to confirm that.
In order to prevent infection, researchers recommend users keep systems up to date, check their backups, enforce principle of least privilege, and deploy security mechanisms such as application control/whitelisting and behavior monitoring.