Killware: What is it and How Can You Protect Yourself?

Harmful malware bug icon with a red flag next to it
Click here to read a summary of this article!
Summary: What is Killware?

Killware targets cyber-physical systems, such as IoT devices or critical infrastructure, to inflict damage to human life. An example of this is the attempt to poison the water supply of a city in Florida through the use of a remote hacking tool.

Cybersecurity agencies fear that such attacks will become more commonplace in the future. They also worry that hackers will target critical infrastructure like dams and hospitals where the ensuing damage and loss of life could be severe. On an individual level, killware attacks can target IoT devices, like smart thermostats and autonomous vehicles.

There are a few steps you can take to protect yourself and your family:

  1. Use strong passwords on your WiFi network and connected IoT devices.
  2. Encrypt internet activity by installing a VPN on your router. We recommend ExpressVPN, as it’s both secure and fast.
  3. Install an effective and reliable antivirus program that regularly scans your device for possible threats.
  4. Be wary of phishing attempts through emails and other means of online communication.

For more information on killware and how it operates, read the rest of the article below.

The objective of most malware attacks, like ransomware attacks, is to compromise the target system in one way or another. The hacker might try to make money by holding your files hostage, for example. But what if the objective of the attack is to physically harm or even kill someone? That’s exactly what killware is.

A killware attack usually targets cyber-physical systems and critical infrastructure in a way that can cause damage to or loss of human life. Killware has been in the news recently after cyber attackers tried to poison the population of Oldsmar, Florida. Though the attack was unsuccessful, US agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and Homeland Security worry that killware could claim its first real victim soon — a scary prospect.

This article will tell you more about killware, what it is, and how you can protect yourself.

What is Killware?

Computer showing target iconKillware attacks target human life and seek to cause serious tangible damage, like physical harm or death, to victims. They exploit the increasing link between cyber and physical systems to inflict damage.

Electronic devices, like toasters and smart thermostats, are increasingly connected to the internet. The Internet of Things makes our lives simpler and more convenient. Even critical infrastructure like dams, electricity grids, hospitals, and police departments are managed using the internet. This makes all sorts of convenient systems possible: you can turn up the temperature in your living room before you’ve even made it home, and hospitals can perform check-ups on patients without said patients having to leave their house.

However, connecting these devices with the internet also comes with the necessary risks. Many of these risks, we’ve become accustomed to over the past few decades, like hackers trying to obtain information and viruses making devices unusable. The ever-increasing importance of and dependency on the Internet of Things (IoT), however, now also opens up the possibility for killware attacks. If vital systems are shut down through malware, this can have disastrous consequences — which is exactly the goal of the criminals behind killware attacks.

How Is Killware Different From Ransomware?

The main difference between killware and ransomware is the attacker’s intent. Ransomware has emerged as one of the most worrying cybersecurity threats over the last few years. Even so, killware might be an even bigger danger, if attackers decide to turn to that instead:

  • The intent behind ransomware is financial gain.
  • The intent behind killware is to do physical damage to another person.

In a ransomware attack, hackers infect a system with malware that encrypts their files so that they can’t be accessed. Once the files are encrypted, the hacker demands a ransom. This is usually in the form of a cryptocurrency. Hence, the objective of a ransomware attack is to prevent access to essential files and use it for their own financial gain. Although physical distress for the victims is often a result of ransomware, it isn’t the main goal.

Killware attacks, on the other hand, are not motivated by the prospect of financial gain. Instead, the hacker or hacker group wishes to cause death or physical harm to humans. You can think of it as terrorism or warfare using the internet. While there are no examples of a successful attack yet, it is very likely to happen in the future and must therefore be seen as a real risk.

Who Does Killware Target?

The intended targets of killware attacks can range from one individual to an entire city or even a country. Let’s dive into both situations with a couple of examples.


Given the increasing use of IoT devices all around us, a hacker could remotely gain access to a system or device and use it to cause physical damage. Consider, for instance, the smart thermostats in your house. A hacker could conceivably gain access to its software and infect it with malicious code that raises or reduces temperatures to unbearable levels.

Thermostat with high temperature and warning signA case that happened in Texas earlier this year shows just how realistic this is. Power companies in the state accidentally increased the temperature on thermostats of consumers, who had unknowingly granted them remote access. This happened in the midst of an intense heatwave, causing several consumers to wake up sweating profusely. If an accidental increase of four degrees could make users this uncomfortable, imagine what a hacker with bad intentions could do with such access.

Other potential targets for killware attacks aren’t hard to think of: autonomous vehicles are a great example. Hackers could remotely control the vehicle to cause harm to not only the driver but also other vehicles and pedestrians.


Laptop showing tainted water coming out of tapIt’s also possible that hackers target large-scale and critical infrastructure that can derail an entire city or country. The attempt to poison Oldsmar’s water supply is a recent example of such an attack. Here, attackers tried to increase the level of sodium hydroxide at a local water treatment plant to dangerous levels.

However, while the attack caused great uproar, it’s perhaps not as worrying as first thought. Investigations into the matter have revealed that the attack was not a sophisticated breach, but occurred because the staff at the facility had reused passwords on Teamviewer, a remote access software. A disgruntled employee who knew the passwords simply used it to access Teamviewer and alter the water treatment process. Of course, the mere fact that this attack wasn’t as elaborate as it could have been, does not mean that killware is not a problem.

Hospitals could prove the perfect targets for killware attacks. After all, we’ve already seen a few instances of ransomware attacks on hospitals that have caused them to temporarily halt their services. The CISA and Federal Bureau of Investigation have even released an advisory that provides information and tips for healthcare providers on how to deal with a ransomware attack. Such an attack could easily become a killware attack if the hacker is not satisfied with receiving money and instead wants to harm or kill people.

How Can I Protect Myself From a Killware Attack?

Killware can be thought of as a more sinister and lethal version of existing malware, especially ransomware. That’s why the steps you can take to protect yourself are pretty similar to those in an anti-ransomware plan. We’ve listed some of the precautions you can take below:

Infographic that shows ways how you can protect yourself against Killware

  • Secure your WiFi and IoT devices with a strong password. We recommend using a password manager to set strong and random passwords that are difficult to guess. It’s also important to regularly change passwords to keep hackers at bay. Moreover, you should regularly check which devices are connected to the network. Disconnect the ones that aren’t needed, as this helps reduce the potential devices a hacker could exploit.
  • Install a VPN on your router to encrypt activity on the entire network of IoT devices that you may be using. ExpressVPN offers excellent security features without compromising on speed. If you’re interested, you can click on the button below this list to check out ExpressVPN’s offer.
  • Use a trusted and reliable antivirus program that can detect and eliminate possible killware threats before they take hold of your systems. Check out our rankings of the best antivirus programs to make an informed decision.
  • Beware of spam emails and phishing attempts. Most malware, such as the BloodyStealer, enters your system in the form of attachments in spam emails. if you know how phishing works and what you can do to protect yourself, you’ll be much better protected. We’ve put together some easy tips in this article about phishing.
Great discount on annual subscription + 30-day money-back guarantee!
  • Very easy to use VPN
  • Perfect for anonymous browsing, downloading, and streaming (i.e. Netflix)
  • 3000+ servers in 94 countries
Visit ExpressVPN

On top of these practical tips, the best way to protect yourself is to be aware of the devices around you. Many people buy a new camera or smart fridge and don’t realize these devices are connected to the internet and, therefore, vulnerable. If you keep in mind that it’s not just your phone and your computer you need to protect against hacking, you’re already on the right track.

What to Do if You’ve Been Hit by Killware

Killware attacks don’t yet happen frequently — and we hope they never will. Still, if you fear that your device, or your company, might be infected with killware or some other kind of malware, there are steps you can take to make sure the situation doesn’t escalate. Keep in mind that the tips below are mostly geared towards large cyber-security teams.

  1. Turn off or deactivate all your IoT devices. If the device is already compromised, you may need to unplug it from the main electrical connection to completely turn it off.
  2. Perform a factory reset for each device. It’s very possible that the hacker will simply regain control of a previously infected device if you turn it back on without a reset.
  3. Contact the device’s manufacturer and report the vulnerability. You could even ask them to replace the device to avoid facing another attack.
  4. Notify authorities at the earliest. Killware can cause real physical harm, so alerting the right organizations might be vital. This would include police and other first responders, to begin with. Once the immediate situation is under control, you should also report the incident to your national cybersecurity agency so they can help prevent future attacks.

The reality is that killware is still a very new concept. Since the only requirement for something to be considered killware is that it has to be malware used with the intent to physically harm people, it’s hard to create an all-encompassing step-by-step prevention plan.

In some cases, hackers might directly exploit vulnerabilities in cyber-physical systems. As a result, antivirus scans or quarantining might not be enough to avert a crisis.

As a customer or private user, the best thing to do is ensure that the IoT devices you purchase are certified and secure. Aside from that, we’d recommend you use an antivirus program like Kaspersky to keep yourself safe from different kinds of malware.

The Future of Killware

The increased likelihood of killware attacks in the future is a scary prospect. But, as we’ve covered, security agencies are aware of the problem and are doing their bit to increase their defenses.

While there’s not much you can do to prevent large-scale attacks, you can take the steps listed above to keep yourself and your loved ones safe. You might want to read about other harmful types of malware such as FluBot or more innocuous programs like browser hijackers.

What is Killware: Frequently Asked Questions

Since killware is a new and evolved kind of virus, it’s only natural that readers have a lot of unanswered questions. We’ve answered some of the more frequently asked questions in the section below!

Killware is a kind of malware that causes physical harm or loss of human life. It targets cyber-physical systems, like IoT devices, to inflict real-time damage on people. You can read our article on what killware is and how it operates for more information.

Killware and ransomware are two kinds of malware with different aims:

  • Ransomware encrypts a user’s files and denies access to them until a ransom is paid. The objective of a ransomware attack is financial gain for the hacker.
  • Killware seeks to cause actual physical harm or loss of life. The attacker is not concerned with money but instead wants to cause chaos or deliver a political message, much like a terrorist attack.

Killware operates like most other malware and spreads through emails and security breaches. In most cases, it can be prevented by taking some basic cybersecurity measures like setting strong passwords and using a VPN. It’s also very important to make sure you use secure devices without any known vulnerabilities that could be exploited. Read our article for more information on killware and other preventive steps that you can take.

Tech journalist
Mohit is a legal and public policy researcher whose work focuses largely on technology regulation. At VPNOverview, he writes about cybersecurity, cryptocurrencies and sports events.