Like its Windows counterpart, the Linux version of KillDisk encrypts files, rendering the affected system unbootable. It asks for the same 222 Bitcoin (around US$278,000) ransom, but the encryption key used is neither stored locally or sent to a remote server, so even if the perpetrators are paid they have no way of reversing the process.
Eset says its researchers have found a weakness in the encryption method that makes decryption "possible, albeit difficult." Exactly how decryption can be performed was not disclosed.
“KillDisk serves as another example of why paying ransom should not be considered an option. When dealing with criminals, there’s no guarantee of getting your data back – in this case, the criminals clearly never intended to deliver on their promises," said Eset senior researcher Robert Lipovský.
"The only safe way of dealing with ransomware is prevention. Education, keeping systems updated and fully patched, using a reputable security solution, keeping backups and testing the ability to restore - these are the components of true insurance."