A malware family previously used to sabotage computers by deleting and rewriting files has added a ransomware component, now encrypting files and demanding a huge ransom. Until now, the KillDisk malware family has been only associated with cyber-espionage and cyber-sabotage operations, most of which had been carried out in the industrial sector. The group behind this malware is known under two names: Sandworm or TeleBots. The most recent of these attacks were against Ukrainian banks, infected bank workers.
Source: https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/