Kaenlupuf Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 12 |
| First Seen: | March 9, 2017 |
| OS(es) Affected: | Windows |
The Kaenlupuf Ransomware is a ransomware Trojan that first appeared in March 2017. Malware analysts have uncovered that versions of the Kaenlupuf Ransomware go back as early as 2014, making it fairly unique among many of the ransomware Trojans used today. The Kaenlupuf Ransomware, like many other ransomware Trojans, uses a combination of the RSA and AES encryption to make the victims' files completely inaccessible. Despite the fact that the Kaenlupuf Ransomware is similar to most other ransomware Trojans, it has a curious origin and other characteristics.
Table of Contents
Uncovering the Origins and Unique Characteristics of the Kaenlupuf Ransomware
MyCERT, an acronym for the Malaysia Computer Emergency Response Team, first developed the Kaenlupuf Ransomware. This is a software security provider that created the Kaenlupuf Ransomware as ransomware Trojan used to educate their staff and associated people. The Kaenlupuf Ransomware was used for exercises in the company. Unfortunately, at some point, the Kaenlupuf Ransomware was leaked and modified into a corrupted variant capable of carrying out effective attacks in the wild. This new variant of the original 2014 version of the Kaenlupuf Ransomware was first released in March 2017 and is being distributed using corrupted spam email attachments.
How the Kaenlupuf Ransomware Attacks a Computer
The Kaenlupuf Ransomware infection targets computer users in Southeast Asia. Fortunately, the con artists were not capable of altering the encryption routine used in the Kaenlupuf Ransomware attack. This means that MyCERT has released an effective decryption tool that can help computer users recover their files. However, it is not unlikely that the Kaenlupuf Ransomware will be further modified to allow it to bypass this tool eventually. Like other ransomware Trojans, the Kaenlupuf Ransomware targets a wide variety of file types in its attack, including audio, video, databases, and many document formats used commonly. The Kaenlupuf Ransomware delivers its ransom note in an HTML file named 'kaenlupuf-note.html,' which is dropped on the infected computer's desktop. The Kaenlupuf Ransomware ransom note contains the following text:
'NOTE FOR YOU - MUST READ
First of all, we congratulate you for being chosen to be among those with the most successful file protection from external threats.
We understand that you need your files immediately. We introduced a special package with affordable price which is as low as 1 Bitcoin only.
Surprised by our offer? So what are you waiting for, register your bitcoin wallet now to get your important files back.
The longer you wait the price will increase. Your files are protected with RSA-2048 bit algorithm. Very good and interesting is it not?
GET BACK MY FILES!
To retrieve your files, follow these steps carefully:
1. Register your account in Bitcoin wallet at the following URL:
https://blockchain.info/wallet/
2. Use our bitcoin address to transfer your credit:
173MLPGRWdc6z91gQXBCHYVTkqTR9tMABb
3. The amount of the payment is as follows:
1 BTC
4. Make sure add your ID when making a transaction.
TOKEN - YOUR ID: [RANDOM CHARACTERS]'
Protecting Your Computer from the Kaenlupuf Ransomware
The best protection against threats like the Kaenlupuf Ransomware is to have backups of all files either on the cloud or an external memory device. Even through a decryption tool for the Kaenlupuf Ransomware exists, it is entirely possible that new versions of the Kaenlupuf Ransomware that bypass this will be released. More importantly, most ransomware Trojans that are active today use an attack that is nearly identical to the Kaenlupuf Ransomware and, in most cases, no decryption method exists to help computer users recover their data. That means that restoring the affected files from a backup copy remains as the most effective method to help computer users bypass these attacks. Apart from file backups, however, computer users should learn to avoid common distribution methods (such as spam emails) and have installed a reliable security program that is fully up-to- date.
SpyHunter Detects & Remove Kaenlupuf Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | netsvc.exe | a1f580897095e5a1012d6eabcc1994fe | 12 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.