Kiwm Ransomware
The Kiwm Ransomware is a threatening software that encrypts data on infected devices, rendering it inaccessible to the device owner. Kiwm Ransomware accomplishes this by executing an encryption routine that targets various file types. Cybercriminals behind this ransomware then demand payment in exchange for a decryption key that can restore the locked files. The threat has been confirmed to be a variant from the STOP/Djvu Ransomware family.
One characteristic that sets the Kiwm Ransomware apart from other variants of its family is its use of the '.kiwm' file extension to mark encrypted files. In addition, cybercriminals have been known to deploy other malicious payloads, such as RedLine and Vidar stealers, alongside the STOP/Djvu Ransomware variants. Once a device is infected with Kiwm Ransomware, victims are presented with a ransom note in the form of a text file named '_readme.txt.'
The Kiwm Ransomware Encrypts Its Victims' Data and Makes It Inaccessible
The ransom note that victims receive when infected with ransomware contains crucial information on how to recover their encrypted files. Specifically, the note provides contact and payment information for the threat actors responsible for the attack. In this case, victims are instructed to reach out to the attackers via 'support@freshmail.top' or 'datarestorehelp@airmail.cc' in order to initiate the data recovery process.
It is important to note that the ransom note emphasizes the need for urgency, as victims are given a 72-hour window to contact the attackers before the price of the decryption software and key doubles from $490 to $980. The note also states that victims can send a single enciphered file to the attackers for free decryption as a demonstration of the decryption software's capability before committing to purchasing the decryption tools.
However, it is important to exercise caution and not pay the ransom. Paying a demanded ransom does not guarantee that the attackers will provide the decryption tools or restore access to the encrypted files. In fact, paying a ransom can result in both the loss of data and money. Therefore, it is strongly advised against paying the ransom and instead to seek alternative methods of data recovery.
Take the Security of Your Devices and Data Seriously
Ransomware attacks are a serious threat to both personal and business data security, and it's important for users to take proactive measures to protect their devices and data from being compromised. Here are some key steps users can take to safeguard against ransomware attacks:
The most important step is to maintain regular backups of their important data, ideally storing them off-site or in the cloud, so they can recover their data if a ransomware attack occurs. Additionally, it's important to keep software and systems up to date since attackers often exploit vulnerabilities in outdated software to install malware on devices.
Users should be watchfull when opening clicking on links or email attachments from unknown or suspicious sources since ransomware is often distributed through phishing attacks. It's also advisable to use spam filters and email scanners to block suspicious messages.
Using a professional anti-malware solution and keeping it up-to-date is also strongly encouraged. Security software is typically able to detect and remove any malicious threats on the devices, including ransomware.
Lastly, users should regularly educate themselves and their employees or family members about the risks of ransomware attacks and how to identify and prevent them. By taking these proactive steps, users can lessen the risk of falling victim to a ransomware attack and protect their devices and data from being held for ransom.
The text of the ransom note dropped by the malware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-lEbmgnjBGi
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:'
