Threat Database Ransomware Kill CryptFILe2 Ransomware

Kill CryptFILe2 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,605
Threat Level: 20 % (Normal)
Infected Computers: 115
First Seen: May 2, 2016
Last Seen: August 22, 2023
OS(es) Affected: Windows

The Kill CryptFILe2 Ransomware is an encryption ransomware Trojan that is used to take the victims' files hostage. The Kill CryptFILe2 Ransomware may be installed on the victims' computers automatically. Once the Kill CryptFILe2 Ransomware enters a computer, it encrypts the victims' files by using an asymmetric encryption method. The Kill CryptFILe2 Ransomware changes the names of encrypted files by adding the extension '.id_[VICTIM_ID_[EMAIL].scl,' which incorporates an ID number assigned to the victim's computer and an email address where the victim can receive instructions on paying the ransom and recovering from the infection. The Kill CryptFILe2 Ransomware generates a private key, which is stored on the con artists' servers. This means that its victims cannot access the decryption key unless they pay a ransom.

How the Kill CryptFILe2 Ransomware may Infect a Computer

Currently, the amount of the ransom associated with the Kill CryptFILe2 Ransomware is unknown. The Kill CryptFILe2 Ransomware demands its ransom by changing the victim's Desktop background and dropping text and HTML files in directories where files were encrypted. These files are named HELP_YOUR_FILES.HTML and HELP_YOUR_FILES.TXT. They contain a message asking the victim to email the con artists responsible for the Kill CryptFILe2 Ransomware with their ID number and one encrypted file (so the con artists can prove that they can decrypt the file). Most ransomware threats demand an amount ranging from 0.5 to 1.5 BitCoin, which at the current exchange rates would range from $225 USD to $675 USD. PC security researchers strongly advise computer users to avoid paying the Kill CryptFILe2 Ransomware ransom; a good backup solution will cost only a fraction of the cost associated with ransomware threats like the Kill CryptFILe2 Ransomware. With the marked increase in the ransom amount of these types of attacks, it is essential that computer users invest in backing up their files on an external memory device or the cloud.

The Content of the Kill CryptFILe2 Ransomware Ransom Note

PC security analysts strongly advise that computer users to not pay the Kill CryptFILe2 Ransomware ransom. Computer users cannot be sure that the con artists will honor their promise and decrypt the files after payment has been carried out. More importantly, paying the Kill CryptFILe2 Ransomware's ransom finances these types of activities and allows ransomware to continue being a profitable venture for con artists. Once backing up all files becomes standard, it will no longer be viable to create these kinds of threats. The following is an example of the ransom note used by the Kill CryptFILe2 Ransomware and similar threats:

What happened to your files?
All of your files were protected by a strong encryption with RSA-2048. More information about the encryption keys RSA-2048 can be found here: hxxp://
How did this happen?
!!!Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Secret Server.
What do I do?

So, there are two ways you can choose: wait for a miracle and get your pride doubled, or start obtaining BITCOIN NOW!, and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions:
Contact is by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 12 hours. For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.

The Kill CryptFILe2 Ransomware targets more than 1200 types of file extensions. The following are some examples of the types of files that may be encrypted by the Kill CryptFILe2 Ransomware threat:
.doc, .ppt, .xls, .7z, .java, .php, .odc, .rar, .raw, .wav, .zip, .wallet.


Most Viewed