Threat Database Ransomware '.kyra File Extension' Ransomware

'.kyra File Extension' Ransomware

By GoldSparrow in Ransomware

The '.kyra File Extension' Ransomware is a ransomware Trojan that is a variant of numerous ransomware Trojans that first appeared in October of 2016. The '.kyra File Extension' Ransomware's variants are easily identifiable because they use four-letter file extensions to identify the files that have been encrypted in the attack. In the case of the '.kyra File Extension' Ransomware, which is also a variant of the known ransomware Trojan called 'Globe,' the files are recognized by the file extension '.kyra.' The '.kyra File Extension' Ransomware is not a new threat, which is entirely derived from the same engine as the Globe ransomware Trojan and threats in the Purge family of threats.

How the '.kyra File Extension' Ransomware Carries out Its Attack

The '.kyra File Extension' Ransomware is identical to countless other ransomware Trojans that are active today. The '.kyra File Extension' Ransomware is delivered to its victims' computers in the form of a corrupted file attachment included in spam email messages. Once the '.kyra File Extension' Ransomware has been delivered to the victim's computer, it will begin to encrypt the victim's files with a strong encryption algorithm that cannot be cracked with brute force decryption. The '.kyra File Extension' Ransomware will encrypt the files located in all local and network drives. The '.kyra File Extension' Ransomware searches for and encrypts files with the following extensions:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, ,DOC, .EPUB, .DOCX .FB2, .FLV, .GIF, .GZ, .ISO .IBOOKS,.JPEG, .JPG, .KEY, .MDB .MD2, .MDF, .MHT, .MOBI .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD,.WMV, .XLS, .XLSX, .XPS, .XML, .CKP, ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The '.kyra File Extension' Ransomware Infection and Ransom Note

Files that have been encrypted by the '.kyra File Extension' Ransomware will no longer be readable, becoming useless until the victim pays the ransom to receive the decryption key. Like other variants of this attack, the '.kyra File Extension' Ransomware delivers its ransom note in the form of an HTA application, with a message titled 'STRIKE.' Below is the full text of the '.kyra File Extension' Ransomware's ransom note:

'ALL YOUR FILES ARE ENCRYPTED!
Your personal key:
[617-byte long key]
Your documents, photos, databases, save games and other important data has been encrypted. Data recovery requires decoder.
To obtain decoder, please contact me by emal: support-lodang@ndia.com or through the service https://bitmsg.me , and send me a message to the address: BM-[31 random characters])
In the message write your personal key.
In reply, you will receive address Bitcoin wallet, on which will need to make a payment at a rate of 1.0 BTC ($620).
You must contact me within 48 hours.
[instructions on how to obtain Bitcoin]
When will be confirmation of payment, you val receive a decoder for your computer.

The 'Support Staff' for the '.kyra File Extension' Ransomware can be Found on the 'Support-locking@India.com' Email Address'

The use of an India.com email address in the '.kyra File Extension' Ransomware attack also points to connections to other ransomware campaigns, such as those carried out using the Crysis Ransomware engine during the Summer of 2016. Currently, ransomware attacks are pervasive among the most common and destructive forms of threats in the wild currently. Code is frequently recycled from one ransomware Trojan to the next. As soon as PC security researchers uncover new ways to deal with threats, the threat creators alter their threats by changing their variables slightly to bypass the victim's defenses in a constantly escalating arms race.

Trending

Most Viewed

Loading...