K1ng Ransomware

The K1ng Ransomware is a malware threat equipped with strong encryption functionality. Such threats are deployed onto breached devices with the goal of encrypting the data found there. The cybercriminals can then blackmail their victims for money by promising to help them restore the encrypted files after being paid a hefty ransom. Analysis of the threat has revealed that it is yet another variant spawned from the infamous Dharma Ransomware family, and it has retained that family's destructive capabilities.

Following the established behavior of this malware family, K1ng also modifies the names of the files it locks. The threat first generates an ID string for the specific victim and adds it to the original names of all encrypted files. Next, an email address controlled by the hackers ('king2022@tutanota.com') is appended. Finally, '.k1ng' is placed as a new file extension. Two ransom notes are delivered to the infected device: one placed inside a text file named 'info.txt' and one displayed in a pop-up window.

According to the ransom-demanding messages of the threat, victims are expected to establish communication by contacting either the 'king2022@tutanota.com' email or a secondary email at 'king2022@onionmail.com'. The main message shown in the pop-up window also contains several warnings. The hackers state that users should not rename any of the affected files or try to decrypt them with third-party tools, as doing so could cause permanent damage.
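For responders scoping an incident, the renaming scheme and note file described above can be turned into a triage check over a file listing. The following is an added example, not code from the article or from any vendor tool; the exact delimiters (`.id-<ID>.[<email>].k1ng`) are an assumption based on the usual Dharma naming layout, and the sample paths are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the article.
CONTACT_EMAILS = {"king2022@tutanota.com", "king2022@onionmail.com"}
NOTE_NAME = "info.txt"  # generic name: corroborating evidence only

# Assumed Dharma-style layout: <original>.id-<ID>.[<email>].k1ng
# The article gives the order of the parts, not the delimiters.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.\[\]]+)"
    r"\.\[(?P<email>[^\[\]]+)\]\.k1ng$",
    re.IGNORECASE,
)

def parse_renamed(filename):
    """Return (original_name, victim_id, email), or None if the name does not match."""
    m = RENAMED.match(filename)
    return (m["original"], m["victim_id"], m["email"].lower()) if m else None

def triage(paths):
    """Summarise a listing: originals per folder, victim IDs, note locations."""
    report = {"encrypted": defaultdict(list), "victim_ids": set(),
              "notes": [], "unknown_email": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        parsed = parse_renamed(p.name)
        if parsed:
            original, victim_id, email = parsed
            report["encrypted"][str(p.parent)].append(original)
            report["victim_ids"].add(victim_id)
            if email not in CONTACT_EMAILS:
                report["unknown_email"].append(raw)  # same layout, other contact
        elif p.name.lower() == NOTE_NAME:
            report["notes"].append(raw)
    return report

# Constructed sample listing (not from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[king2022@tutanota.com].k1ng",
    r"C:\Users\alice\Documents\notes.docx.id-1A2B3C4D.[king2022@tutanota.com].k1ng",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(dict(r["encrypted"]), sorted(r["victim_ids"]), r["notes"])
```

The recovered original names give a quick inventory of what must be restored from backup, and more than one victim ID in the same environment suggests more than one affected host or run.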

The full text of the ransom note is:

'YOUR FILES ARE ENCRYPTED

1024

Don't worry, you can return all your files!
If you want to restore them, write to the mail: king2022@tutanota.com YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:king2022@onionmail.com

ATTENTION!

We recommend you contact us directly to avoid overpaying agents

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The message delivered as a text file is:

'all your data has been locked us
You want to return?
write email king2022@tutanota.com or king2022@onionmail.com
.'
