Kill CryptFILe2 Ransomware
|20 % (Normal)
|May 2, 2016
|August 22, 2023
The Kill CryptFILe2 Ransomware is an encryption ransomware Trojan that is used to take the victims' files hostage. The Kill CryptFILe2 Ransomware may be installed on the victims' computers automatically. Once the Kill CryptFILe2 Ransomware enters a computer, it encrypts the victims' files by using an asymmetric encryption method. The Kill CryptFILe2 Ransomware changes the names of encrypted files by adding the extension '.id_[VICTIM_ID_[EMAIL].scl,' which incorporates an ID number assigned to the victim's computer and an email address where the victim can receive instructions on paying the ransom and recovering from the infection. The Kill CryptFILe2 Ransomware generates a private key, which is stored on the con artists' servers. This means that its victims cannot access the decryption key unless they pay a ransom.
How the Kill CryptFILe2 Ransomware may Infect a Computer
Currently, the amount of the ransom associated with the Kill CryptFILe2 Ransomware is unknown. The Kill CryptFILe2 Ransomware demands its ransom by changing the victim's Desktop background and dropping text and HTML files in directories where files were encrypted. These files are named HELP_YOUR_FILES.HTML and HELP_YOUR_FILES.TXT. They contain a message asking the victim to email the con artists responsible for the Kill CryptFILe2 Ransomware with their ID number and one encrypted file (so the con artists can prove that they can decrypt the file). Most ransomware threats demand an amount ranging from 0.5 to 1.5 BitCoin, which at the current exchange rates would range from $225 USD to $675 USD. PC security researchers strongly advise computer users to avoid paying the Kill CryptFILe2 Ransomware ransom; a good backup solution will cost only a fraction of the cost associated with ransomware threats like the Kill CryptFILe2 Ransomware. With the marked increase in the ransom amount of these types of attacks, it is essential that computer users invest in backing up their files on an external memory device or the cloud.
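The indicators described above (the HELP_YOUR_FILES.HTML and HELP_YOUR_FILES.TXT notes, and files renamed with an appended extension that starts with '.id_' and ends in '.scl') can be used to triage which directories were affected. The following is an added example, not code from this page or from EnigmaSoft. The function names, the loose '.id_ ... .scl' match, and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
NOTE_NAMES = {"help_your_files.html", "help_your_files.txt"}
MARKER_INFIX = ".id_"    # start of the appended extension
MARKER_SUFFIX = ".scl"   # end of the appended extension


def is_renamed(name):
    """True if the name carries an appended '.id_ ... .scl' extension."""
    lower = name.lower()
    stem = lower[:-len(MARKER_SUFFIX)]
    return lower.endswith(MARKER_SUFFIX) and MARKER_INFIX in stem


def scan(root):
    """Map each affected directory to the notes and renamed files in it."""
    hits = defaultdict(lambda: {"notes": [], "renamed": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower() in NOTE_NAMES:
                hits[dirpath]["notes"].append(name)
            elif is_renamed(name):
                hits[dirpath]["renamed"].append(name)
    return dict(hits)


def confidence(entry):
    """A note beside renamed files is a stronger signal than either alone."""
    return "high" if entry["notes"] and entry["renamed"] else "low"


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    layout = {
        "docs": ["HELP_YOUR_FILES.TXT", "report.doc.id_0000000000_user@example.invalid.scl"],
        "music": ["song.wav"],
        "tuning": ["scale.scl"],  # ordinary .scl file, must not match
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, entry in sorted(scan(tmp).items()):
            print(confidence(entry), path, entry)
```

Requiring both '.id_' and '.scl' keeps unrelated files that merely end in '.scl' out of the report; directories flagged "high" are the ones to restore from backup first.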
The Content of the Kill CryptFILe2 Ransomware Ransom Note
PC security analysts strongly advise computer users not to pay the Kill CryptFILe2 Ransomware ransom. Computer users cannot be sure that the con artists will honor their promise and decrypt the files after payment has been carried out. More importantly, paying the Kill CryptFILe2 Ransomware's ransom finances these types of activities and allows ransomware to continue being a profitable venture for con artists. Once backing up all files becomes standard, it will no longer be viable to create these kinds of threats. The following is an example of the ransom note used by the Kill CryptFILe2 Ransomware and similar threats:
NOT YOUR LANGUAGE? USE hxxps://translate.google.com
What happened to your files?
All of your files were protected by a strong encryption with RSA-2048. More information about the encryption keys RSA-2048 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen?
!!!Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Secret Server.
What do I do?
So, there are two ways you can choose: wait for a miracle and get your pride doubled, or start obtaining BITCOIN NOW!, and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions:
Contact is by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 12 hours. For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.
The Kill CryptFILe2 Ransomware targets more than 1200 types of file extensions. The following are some examples of the types of files that may be encrypted by the Kill CryptFILe2 Ransomware threat:
.doc, .ppt, .xls, .7z, .java, .php, .odc, .rar, .raw, .wav, .zip, .wallet.