K2 Ransomware

K2 Ransomware Description

The K2 Ransomware is a threatening crypto locker malware. It aims to infect the target's computer, initiate an encryption process leveraging an uncrackable cryptographic algorithm, and extort money in exchange for the decryption key or tool. The K2 Ransomware victims will find that they can no longer either access or use nearly all of their files stored on the compromised computer.

By analyzing the threat's underlying code, infosec researchers determined that it belongs to the VoidCrypt malware family. As such, the K2 Ransomware displays the typical characteristic of a VoidCrypt variant. It follows the same complex pattern for the names of the files it encrypts - [Original File Name].[Email of the Hackers].[ID assigned to the victim].[Ransomware Extension]. The specific email used by the threat is 'Helpforfiles@xmpp.es' while the file extension it appends is '.k2.' The instructions left by the cybercriminals will be displayed in a pop-up window generated from a file named '!INFO.HTA' file.

The ransom note states that the ransom to the hackers must be made using Bitcoin. Although no exact price is mentioned in the note, the hackers threaten to double the amount of the ransom after 48 hours have passed. Affected users are expected to initiate contact by sending a message to two email addresses under the control of the hackers. The main email is 'Helpforfiles@xmpp.es', while 'Helpforfiles@cock.li' would only be used if the victims do not receive an answer after contacting the first address.

The full text presented in the K2 Ransomware's pop-up window is:

'!!! Your Files Has Been Encrypted !!!♦ your files has been locked with highest secure cryptography algorithm ♦

♦ there is no way to decrypt your files without paying and buying Decryption tool♦

♦ but after 48 hour decryption price will be double♦

♦ you can send some little files for decryption test♦

♦ test file should not contain valuable data♦

♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦

♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦

♦ !!! or Delete you files if you dont need them !!!

Your ID :-

our Email :Helpforfiles@xmpp.es

In Case Of No Answer :Helpforfiles@cock.li'

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.