Kasiski Ransomware

By GoldSparrow in Ransomware

The Kasiski Ransomware is an encryption ransomware Trojan that was first observed on February 17, 2017. The Kasiski Ransomware shares many of the characteristics of most ransomware Trojans but has one aspect that is less common: it has been designed specifically to target computers running 64-bit operating systems and, oddly, it cannot encrypt files on 32-bit versions of the Windows operating system. The Kasiski Ransomware is targeted towards Spanish speakers, both in Latin America and Spain. The Kasiski Ransomware may be distributed as a file attachment in corrupted spam email messages that pretend to come from trusted sources such as social media companies, PayPal or banks.

How the Kasiski Ransomware Carries out Its Attack

The Kasiski Ransomware is first delivered to the victim in the form of a compromised file attachment included in a spam email message. When victims open these file attachments, they allow the Kasiski Ransomware to be installed on the affected computer. As soon as the Kasiski Ransomware is installed, it carries out its attack by encrypting the victim's files using a strong encryption algorithm. The Kasiski Ransomware adds the string '[KASISKI]' to the beginning of each file's name, making it easy to discern which files have been affected during the attack. The Kasiski Ransomware encodes all data after the file header, meaning that the affected files retain their icon (which is not the case in many other ransomware attacks). The Kasiski Ransomware encrypts all files on the victim's hard drive that match a list of file extensions contained in the Kasiski Ransomware's settings. The Kasiski Ransomware also targets files on external memory devices and shared folders on the infected computer. The Kasiski Ransomware delivers its ransom note in the form of an HTA program window that tells the victim to open a text file named 'INSTRUCCIONES.txt' that is dropped on the infected computer's Desktop. The full text of the Kasiski Ransomware ransom note reads as follows:

'TODOS SUS ARCHIVOS FUERON ENCRYPTADOS
PARA RECUPERARLOS ABRA EL DOCUMENTO
'INSTRUCCiONES.txt' QUE SE ENCUENTRA EN SU
ESCRITORIO Y SIGA LAS INSTRUCCIONES QUE ALI...

Información importante
Este es su numero personal (NO LO BORRE) = *****
Todos sus archivos fueron ecnryptados (bloqueados).
Para restaurar sus archivos usted necesita un (DECRYPT TOOL)
Nosotros le ofrecemos el (DECRYPT TOOL) para restaurar sus archivos, su costo es de ($500)' quinientos'

Below is an English translation of the above message:

'ALL YOUR FILES WERE ENCRYPTED
TO RECOVER THEM OPEN THE DOCUMENT
'INSTRUCTIONS.txt' found on your
DESKTOP AND FOLLOW THE INSTRUCTIONS ...

Important information
This is your personal number (DO NOT DELETE IT) = [RANDOM NUMBER]
All your files were encrypted (blocked).
To restore your files you need a (DECRYPTION TOOL)
We offer you the (DECRYPTION TOOL) to restore your files, it costs ($ 500)'
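
A read-only triage script for the indicators described above (the '[KASISKI]' filename prefix, the 'INSTRUCCIONES.txt' note, and data encrypted after the file header), added here as an example and not taken from the original article. The 512-byte header size, the 7.5 bits-per-byte entropy threshold and the sample files built in demo() are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

PREFIX = "[KASISKI]"             # filename marker described in the article
NOTE_NAME = "INSTRUCCIONES.txt"  # ransom note file named in the article
HEADER_SKIP = 512    # assumption: bytes treated as the untouched file header
ENTROPY_MIN = 7.5    # assumption: bits per byte above which a body looks encrypted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant input."""
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample: int = 65536) -> dict:
    """Walk root read-only and collect the indicators the article describes."""
    report = {"notes": [], "renamed": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
            elif name.startswith(PREFIX):
                try:
                    with open(path, "rb") as fh:  # measure only data after the header
                        body = fh.read(HEADER_SKIP + sample)[HEADER_SKIP:]
                except OSError:
                    body = b""                    # unreadable: still report the rename
                ent = shannon_entropy(body)
                report["renamed"].append({
                    "path": path, "original_name": name[len(PREFIX):],
                    "body_entropy": round(ent, 2), "looks_encrypted": ent >= ENTROPY_MIN})
    return report

def demo() -> dict:
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample tree, no real malware artifacts
            "[KASISKI]report.docx": b"PK\x03\x04" + b"\0" * 508 + os.urandom(65536),
            "[KASISKI]todo.txt": b"A" * 4096,     # renamed only, body not random
            "INSTRUCCIONES.txt": b"constructed placeholder note",
            "clean.txt": b"untouched file",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The `original_name` field gives the name to look for when restoring each file from backup; compressed formats also show high entropy, so `looks_encrypted` is a hint to combine with the prefix, not proof on its own.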

Dealing with a Kasiski Ransomware Infection

Once the Kasiski Ransomware has encrypted the victim's files, it becomes nearly impossible to recover them without the decryption key. Because of this, computer users should take precautionary measures against infections like the Kasiski Ransomware. The best protection against threats like the Kasiski Ransomware is to keep backups of all files on a memory device or in the cloud. Apart from file backups, PC security analysts also advise computer users to use an updated security program to ensure that their machines are well protected. Since these threats may be delivered using spam email attachments, it is also essential that computer users learn to handle unsolicited email attachments safely and never open them. If computer users can recover their files from a backup, then the people responsible for the Kasiski Ransomware attack no longer have leverage over the victim to demand payment of a ransom.
