
KCTF Locker Ransomware

The KCTF Locker Ransomware is an encryption ransomware Trojan. The KCTF Locker Ransomware includes a message that claims that it is part of a computer security competition or exercise and that it was developed for educational purposes. However, this does not sound like a legitimate claim. Several features of the KCTF Locker Ransomware are implemented poorly. PC security researchers suspect that inexperienced Japanese criminals have created the KCTF Locker Ransomware.

Is the KCTF Locker Ransomware an Educator?

The KCTF Locker Ransomware has several features that make it likely that it was developed in Japan or with a regional attack in mind. The KCTF Locker Ransomware's ransom note is written in Japanese, and PC security researchers have studied samples of the KCTF Locker Ransomware that were uploaded to the Web from IP addresses located in eastern Asia. The KCTF Locker Ransomware uses XOR encryption to make the victim's files inaccessible, taking them hostage in the same way as most encryption ransomware Trojans active today. The KCTF Locker Ransomware targets user-generated files, which may include text files, images, videos and numerous other file types. Threats like the KCTF Locker Ransomware typically target the following files in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The KCTF Locker Ransomware makes the damaged files recognizable by adding the file extension '.DWG' to each affected file's name. The KCTF Locker Ransomware delivers a ransom note, written in Japanese, in the form of a dialog box that it displays on the affected computer. The KCTF Locker Ransomware ransom note, translated from Japanese into English, reads:

'Your data has been encrypted.
If you want to restore, please pay 10 BTC below
3AmD4gsD9kUe7GEvNra6gNm2ALBF9KrLzv'

This ransom is extraordinarily high, well above 60,000 USD at the current exchange rate. This may indicate the profile of the targets that the criminals responsible for the KCTF Locker Ransomware are trying to reach.

Protecting Your Data from Threats Like the KCTF Locker Ransomware

The best protection against threats like the KCTF Locker Ransomware is to have file backups stored on safe devices. Apart from file backups, an up-to-date security program is a valuable help when dealing with infections. Although it is likely that the KCTF Locker Ransomware's developers do not have many resources or programming skills, the KCTF Locker Ransomware is effective in taking the victim's files away, and it is important that computer users ensure that their data is well protected from these attacks.
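
The '.DWG' marker described above lends itself to a simple triage sweep when deciding which files to restore from backup. The following is an added example, not code from the original page or from any vendor tool: it lists files that carry the '.DWG' extension but do not begin with the ASCII version tag that genuine AutoCAD drawings start with. The function names, the short extension subset, and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: a small subset of the targeted extensions listed on this page.
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".sql", ".zip"}

def looks_like_real_dwg(header: bytes) -> bool:
    """Heuristic: genuine AutoCAD drawings begin with a tag such as b'AC1015'."""
    return header[:2] == b"AC" and header[2:3].isdigit()

def triage(root: str) -> list[dict]:
    """Return files under root named '*.DWG' whose content is not a drawing."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.upper() != ".DWG":
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(6)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if looks_like_real_dwg(header):
                continue  # legitimate drawing, leave it out of the report
            # A leftover inner extension (report.docx.DWG) hints at the original type.
            inner = os.path.splitext(stem)[1].lower()
            findings.append({"path": path, "inner_ext": inner,
                             "double_ext": inner in TARGETED})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree(root: str) -> None:
    """Constructed sample data: one real-looking drawing, two marked files, one clean file."""
    samples = {
        "plan.dwg": b"AC1015\x00\x00\x00",
        # 0x5A is an arbitrary constructed byte, not the Trojan's key.
        "report.docx.DWG": bytes(b ^ 0x5A for b in b"PK\x03\x04 constructed"),
        "notes.DWG": b"\x13\x37 constructed bytes",
        "photo.jpg": b"\xff\xd8\xff\xe0",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in triage(tmp):
            print(finding)
```

A hit is only a candidate for review: the header check is a heuristic, and a corrupted but legitimate drawing would also be reported.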
