KEYPASS Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 308
First Seen: August 16, 2018
Last Seen: June 27, 2020
OS(es) Affected: Windows

The KEYPASS Ransomware is an encryption ransomware Trojan that first appeared in mid-August 2018. PC security researchers have received reports of KEYPASS Ransomware attacks from more than twenty different countries around the world. The KEYPASS Ransomware has been linked to the GandCrab Ransomware attacks and seems to be associated with attacks that take advantage of poorly protected Remote Desktop Protocol accounts on the victims' computers. Some victims of the KEYPASS Ransomware were hit with two different ransomware threats, although it is still unclear whether the same criminals are responsible for both attacks or whether this is a case of different criminal groups targeting the same victims.

The KEYPASS Ransomware Attack is Identical to Countless Other Threats

The KEYPASS Ransomware is a variant of a ransomware threat first observed in February 2018, known as the STOP Ransomware. The KEYPASS Ransomware is nearly identical to many other encryption ransomware Trojans and carries out a typical version of this attack, using AES encryption to make the victim's files inaccessible and marking every encrypted file by adding the file extension '.KEYPASS' to the file's name. The file types that threats like the KEYPASS Ransomware target in their attacks include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The KEYPASS Ransomware delivers a ransom note in the form of a text file named '!!!KEYPASS DECRYPTION_INFO!!!.txt' dropped on the infected computer's desktop. The text contained on the KEYPASS Ransomware's ransom note reads:

'All your files, documents, photos, databases and other important files are encrypted and have the extension: .KEYPASS
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail keypass@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Price for decryption $300.
This price avaliable if you contact us first 72 hours.

E-mail address to contact us:
keypass@bitmessage.ch
Reserve e-mail address to contact us:
keypass@india.com

Your personal id:
[forty random characters]'

Dealing with the KEYPASS Ransomware

The criminals responsible for the KEYPASS Ransomware demand a ransom payment of 300 USD in Bitcoin. However, computer users should not pay the KEYPASS Ransomware ransom. The best protection against threats like the KEYPASS Ransomware is to have file backups, which can help computer users restore any files compromised by the KEYPASS Ransomware attack. Apart from file backups, computer users are advised to have a reliable security program.
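As an added example (not part of the original write-up or of any vendor tool), the Python sketch below uses the indicators described above (the '.KEYPASS' extension, the ransom note file name and its two contact addresses) to inventory affected files under a directory so they can be matched against backups. The function names, the 64 KB read limit, the treatment of the personal ID as forty non-space characters and the sample tree are assumptions of this example.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up above.
ENCRYPTED_SUFFIX = ".keypass"
NOTE_NAME = "!!!keypass decryption_info!!!.txt"
CONTACTS = ("keypass@bitmessage.ch", "keypass@india.com")
# Assumption: the "forty random characters" ID contains no whitespace.
ID_RE = re.compile(r"Your personal id:\s*(\S{40})(?!\S)", re.IGNORECASE)

def read_head(path, limit=65536):
    try:
        with open(path, "rb") as fh:
            return fh.read(limit).decode("utf-8", errors="ignore")
    except OSError:  # unreadable file: treat as empty
        return ""

def triage(root):
    """Summarise KEYPASS artifacts under root; a renamed note is caught by its contacts."""
    report = {"encrypted": [], "notes": [], "ids": set(), "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
                # 'a.docx.KEYPASS' -> '.docx': file types that need restoring
                report["by_type"][Path(path.stem).suffix.lower()] += 1
            elif lower.endswith(".txt"):
                text = read_head(path)
                if lower == NOTE_NAME or any(c in text.lower() for c in CONTACTS):
                    report["notes"].append(path)
                    report["ids"].update(ID_RE.findall(text))
    return report

def demo():
    """Triage a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "budget.xlsx.KEYPASS").write_bytes(b"\x00" * 16)
        (root / "docs" / "notes.txt").write_text("meeting at 10")
        (root / "photo.jpg.KEYPASS").write_bytes(b"\x00" * 16)
        note = "mail keypass@india.com\nYour personal id:\n" + "A1b2" * 10
        (root / "!!!KEYPASS DECRYPTION_INFO!!!.txt").write_text(note)
        r = triage(root)
        return len(r["encrypted"]), len(r["notes"]), sorted(r["ids"]), dict(r["by_type"])
```

Calling `triage()` on a mounted copy of the affected volume gives the list of files to restore; more than one distinct personal ID in the result suggests more than one infection on the same data.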

1 Comment

Please acknowledge me how to get my files back or how to decrypt .KEYPASS files.
I have tried everything, yet no success.
Please .. help!!!!
