KillDisk a malware variant designed to wipe data from hard drives. KillDisk was used by cyber-espionage group Sandworm team, also known as TeleBots, to target and sabotage ICS/SCADA networks in the Ukraine. The December 2015 cyber-attack was the first of its kind, resulting in a power outage that lasted up to 6 hours and affected approximately 225,000 people. In late 2016, it was used again by Sandworm team to target Ukrainian banks. In early 2017, a separate KillDisk version was discovered with ransomware capabilities.


  • March 2016: KillDisk used in cyber-attack causing power outage in the Ukraine. (Wired)
  • December 2016: Sandworm team targets Ukrainian banks with KillDisk malware. (Security Affairs)
  • January 2018: New KillDisk variant targets financial institutions in Latin America. (Trend Micro)
  • June 2018: New KillDisk variant targets Latin American financial organizations again. (Trend Micro)

Technical Details

  • ESET provides technical analysis on KillDisk here.