Threat Database Ransomware Keep Calm Ransomware

Keep Calm Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 102
First Seen: July 18, 2017
Last Seen: August 4, 2021
OS(es) Affected: Windows

The Keep Calm Ransomware uses a Custom AES encryption algorithm to encrypt its victims' files, and take them hostage. Once the victim's files are encrypted, the Keep Calm Ransomware demands a ransom of 0.1 BTC (approximately $250 USD) in exchange for the decryption key needed to recover the affected files. The Keep Calm Ransomware is based on EDA2, an open source ransomware platform that has been available to the public since May 2016. EDA2 has been the basis for countless ransomware Trojans since its release, including the Keep Calm Ransomware itself. The Keep Calm Ransomware was first observed on July 18, 2017, and was seen delivered as an attachment in spam email messages, as well as disguised as a serial number generator for illegally copied software.

How to Keep Calm Having Your Crucial Files Unaccessible?

The Keep Calm Ransomware will change the victim's Desktop image during its attack so that it will display an image of a pirate flag, as well as a ransom note that may be contained in a text file also delivered to the victim. The Keep Calm Ransomware's desktop image includes the phrase 'Keep Calm and Recover Your Files.' Regretfully, due to the strength of the encryption method used by the Keep Calm Ransomware in its attack, it is not possible to restore the files encrypted by the Keep Calm Ransomware attack through brute force decryption.

The Keep Calm Ransomware Ransom Note and Encryption Process

In its attack, the Keep Calm Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The files encrypted by the Keep Calm Ransomware attack will be marked with the file extension '.locked' that it will add to the end of each file's name. The Keep Calm Ransomware will target the following file types for encryption during its attack:

.3df8, .3gp2, .accdb, .adpb, .amxx, .ascx, .ashx, .asmx, .bmp, .cctor, .ctor, .ddcx, .disk, .divx, .djvu, .docm, .docx, .dotm, .dotx, .exe, .exif, .gthr, .gzig, .html, .indd, .itdb, .java, .jfif, .jiff, .jpeg, .mbox, .mpeg, ,pdf, .potm, .potx, .ppsm, .ppsx, .pptm, .pptx, .rsrc, .shar, .tax2013, .tax2014, .tbz2, .text, .thmx, .upoi, .wave, .wdgt, .wma, .wmdb, .wmmp, .xlam, .xlsb, .xlsm, .xlsx, .xltx, .xlwx, .xvid, .zipx.

After encrypting the victim's files, the Keep Calm Ransomware will download and display a ransom notification, warning the victim of the attack and demanding the payment of a ransom. The full text of the Keep Calm Ransomware ransom notification reads as follows:

+We are the only ones in the world that can provide your files for you!
+When your PC was hacked, the files were encrypted and sent to a server we control!
+You must send 0.1 BTC about 250 USD to
+Within 1 week from now to retrieve your files and prevent them from being leaked!
+When you have sent payment, please send email to with:
1) Date Transaction
2) PC's Name
3) Email to send you the KEY
+Once we confirm the transaction, we'll send email with the key and the process to decrypt all your files
+Check your spam looking for Email Subject: AES Key lucky guy!
+You can purchase BITCOINS from many exchanges such as:

or google for your country
*We are business people and treat customers well if you follow what we ask
*Remember your email is one-way, so don't do anything stupid
*And please don't waste time trying to decrypt with some local service, without the key is impossible, we use AES encryption
Thank you for your cooperation

Dealing with the Keep Calm Ransomware

The best protection against ransomware like the Keep Calm Ransomware is to have file backups. If computer users have backup copies of the encrypted files, then the con artists lose any power over the victim that allows them to demand a ransom payment. Apart from file backups, PC security analysts advise computer users also have a reliable, fully updated security application.

SpyHunter Detects & Remove Keep Calm Ransomware

File System Details

Keep Calm Ransomware may create the following file(s):
# File Name MD5 Detections
1. 248c960c1ae54103dea5bfae924f28e2.exe 248c960c1ae54103dea5bfae924f28e2 12


Most Viewed