Threat Database Ransomware Kaenlupuf Ransomware

Kaenlupuf Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 12
First Seen: March 9, 2017
OS(es) Affected: Windows

The Kaenlupuf Ransomware is a ransomware Trojan that first appeared in March 2017. Malware analysts have uncovered that versions of the Kaenlupuf Ransomware go back as early as 2014, making it fairly unique among many of the ransomware Trojans used today. The Kaenlupuf Ransomware, like many other ransomware Trojans, uses a combination of the RSA and AES encryption to make the victims' files completely inaccessible. Despite the fact that the Kaenlupuf Ransomware is similar to most other ransomware Trojans, it has a curious origin and other characteristics.

Uncovering the Origins and Unique Characteristics of the Kaenlupuf Ransomware

MyCERT, an acronym for the Malaysia Computer Emergency Response Team, first developed the Kaenlupuf Ransomware. This is a software security provider that created the Kaenlupuf Ransomware as ransomware Trojan used to educate their staff and associated people. The Kaenlupuf Ransomware was used for exercises in the company. Unfortunately, at some point, the Kaenlupuf Ransomware was leaked and modified into a corrupted variant capable of carrying out effective attacks in the wild. This new variant of the original 2014 version of the Kaenlupuf Ransomware was first released in March 2017 and is being distributed using corrupted spam email attachments.

How the Kaenlupuf Ransomware Attacks a Computer

The Kaenlupuf Ransomware infection targets computer users in Southeast Asia. Fortunately, the con artists were not capable of altering the encryption routine used in the Kaenlupuf Ransomware attack. This means that MyCERT has released an effective decryption tool that can help computer users recover their files. However, it is not unlikely that the Kaenlupuf Ransomware will be further modified to allow it to bypass this tool eventually. Like other ransomware Trojans, the Kaenlupuf Ransomware targets a wide variety of file types in its attack, including audio, video, databases, and many document formats used commonly. The Kaenlupuf Ransomware delivers its ransom note in an HTML file named 'kaenlupuf-note.html,' which is dropped on the infected computer's desktop. The Kaenlupuf Ransomware ransom note contains the following text:

First of all, we congratulate you for being chosen to be among those with the most successful file protection from external threats.
We understand that you need your files immediately. We introduced a special package with affordable price which is as low as 1 Bitcoin only.
Surprised by our offer? So what are you waiting for, register your bitcoin wallet now to get your important files back.
The longer you wait the price will increase. Your files are protected with RSA-2048 bit algorithm. Very good and interesting is it not?
To retrieve your files, follow these steps carefully:
1. Register your account in Bitcoin wallet at the following URL:
2. Use our bitcoin address to transfer your credit:
3. The amount of the payment is as follows:
4. Make sure add your ID when making a transaction.

Protecting Your Computer from the Kaenlupuf Ransomware

The best protection against threats like the Kaenlupuf Ransomware is to have backups of all files either on the cloud or an external memory device. Even through a decryption tool for the Kaenlupuf Ransomware exists, it is entirely possible that new versions of the Kaenlupuf Ransomware that bypass this will be released. More importantly, most ransomware Trojans that are active today use an attack that is nearly identical to the Kaenlupuf Ransomware and, in most cases, no decryption method exists to help computer users recover their data. That means that restoring the affected files from a backup copy remains as the most effective method to help computer users bypass these attacks. Apart from file backups, however, computer users should learn to avoid common distribution methods (such as spam emails) and have installed a reliable security program that is fully up-to- date.

SpyHunter Detects & Remove Kaenlupuf Ransomware

File System Details

Kaenlupuf Ransomware may create the following file(s):
# File Name MD5 Detections
1. netsvc.exe a1f580897095e5a1012d6eabcc1994fe 12


Most Viewed