KillDisk-Dimens Ransomware Removal Guide

Do you know what KillDisk-Dimens Ransomware is?

KillDisk-Dimens Ransomware is a tremendously dangerous infection that might have been created to target big companies in Latin America. All in all, if we have learned one thing from researching hundreds and thousands of Windows infections, it is that they are unpredictable. Unfortunately, it is possible that any company anywhere could be targeted by this threat. As soon as the testing of this malware was initiated in the internal lab, it became clear that it is a new variant of the infamous KillDisk Ransomware that was reviewed in a separate article nearly a year ago. Although we classify it as a ransomware, it is not your regular file-encryptor. Instead of encrypting files and demanding a ransom in return of an alleged decryptor, this infection destroys files, terminates system processes, and overwrites the MBR to ensure that you can no longer use your system normally. Without a doubt, you want to keep an infection like that away from your operating system. If it has slithered in already, you must remove KillDisk-Dimens Ransomware immediately.

According to malware researchers, the malicious KillDisk-Dimens Ransomware is most likely to be downloaded and executed by another infection active on the operating system. The threat is executed as dimens.exe in the C:\Windows\ directory, but it is then renamed to “0123456789.” Once in place, the infection goes through all drives to start the removal. It appears that the threat should evade all directories with these strings in the names: Users, PerfLogs, ProgramData, Program Files, Program Files (x86), $Recycle.Bin, Recovery, System Volume Information, Windows Windows.old, and WINNT. When the malicious KillDisk-Dimens Ransomware finds something to delete, it first renames the file and then overwrites the first 0x2800 bytes. Then, the infection goes on to overwrite the MBR (Master Boot Record), which it does by overwriting the first 0x20 sectors of the device. The infection also can terminate certain processes, including csrss.exe, lsass.exe, wininit.exe, and winlogon.exe. After that, the operating system should restart, and, after that, the “Reboot and Select proper Boot device or insert Boot Media in selected Boot device and press a key” message should appear. This, in most cases, is when the victim realizes that their operating system has been invaded by malware.

If the Master Boot Record is overwritten, the user of the affected machine cannot run it properly. Unfortunately, there is no easy fix for that, and the victim will need to reinstall Windows. Of course, even after successful reinstallation, the files would remain destroyed. The devious KillDisk-Dimens Ransomware does not want to make money; otherwise, it would create a ransom note. It appears that the attackers behind this infection are trying to send a message that no one is safe. Although even the biggest companies and government organizations continue being hit by ransomware, there are things that everyone can do to evade attacks. For one, the systems must be protected by reliable security software that is up-to-date. If the software is outdated, and the security patches are not applied, malware can find a way in. It is also crucial that all data is backed up. If data is backed up, no file-encrypting, removing, or destroying malware can intimidate you.

According to our research team, there is a chance that you could recover damaged files. It is suggested that you use Live CD to boot the operating system from the CD-ROM, and then employ third-party data recovery tools (e.g., PhotoRec) to try to recover data. If that is possible, store the data on an external drive before you reinstall the operating system. That, pretty much, is all you can do. If the corrupted data is not important to you, or if you have backups, you want to reinstall Windows straight away.

In non-techie terms:

The KillDisk-Dimens Ransomware is extremely malicious, and it was created for the sole purpose of destroying data and overwriting the Master Boot Record to jeopardize the running of the operating system. It is hard to say whether or not the recovery of data is possible, but victims can try using recovery tools. In this case, one would need to boot the operating system using Live CD first. Windows users would have to create it themselves, and that is a task that even experienced users are likely to find challenging. In either case, to revive the operating system, reinstallation of the operating system is required. Hopefully, the data is backed up, and you can safely transfer it back onto the operating system afterward. Of course, first, you need to make sure that your operating system is free from malware and protected against it reliably.