Researchers at CyberX have found a new variant of the KillDisk program. This was the program used to attack Ukrainian energy utilities. The new variant is an evolution into a ransomware that may the targeting industrial control networks according to the researchers.
CyberX reports that the ransomware is distributed through malicious Office attachments and displays a pop-up demanding 222 Bitcoins, equivalently $206,000. It uses a mix of RSA 1028 public key and AES shared key algorithms to encrypt files and folders that are shared between organizations.