An in-depth analysis of the Kizu malware threat has definitively classified it as ransomware. As with all ransomware variants, Kizu operates by encrypting files stored on the targeted devices, rendering them inaccessible to the users. In addition, Kizu appends the '.kizu' extension to the original filenames of the encrypted files. For instance, a file originally named '1.jpg' would be renamed to '1.jpg.kizu' after being encrypted by Kizu. This behavior firmly places Kizu within the ransomware category and establishes its destructive capabilities.
Kizu is also part of the notorious STOP/Djvu malware family. Once the malware infects a system, it drops a ransom note named '_readme.txt' in each directory containing encrypted files. This ransom note serves to notify victims that their files have been encrypted and outlines the conditions for obtaining the decryption key. The attackers behind Kizu demand a ransom payment from the victims in exchange for restoring access to the locked files.
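The two on-disk indicators described above (the appended '.kizu' extension and a '_readme.txt' note in every affected directory) are enough to build a simple offline triage tool for an incident responder. The script below is an added example, not code from the original page or from any vendor: it walks a directory tree, recovers the pre-encryption filenames by stripping the suffix, and confirms candidate notes by checking for phrases quoted from the ransom note on this page, so an unrelated file that merely happens to be called '_readme.txt' is not reported. The marker-phrase threshold and the constructed sample tree it builds for the demo run are assumptions of this example.

```python
"""Offline triage for the Kizu / STOP-Djvu indicators described on the page.

Added example (not the page's or any vendor's code). Indicators used:
  - encrypted files carry an appended '.kizu' extension ('1.jpg' -> '1.jpg.kizu')
  - a '_readme.txt' ransom note is dropped in each directory with encrypted files
"""

import os
import tempfile
from collections import defaultdict
from typing import Dict, Optional

KIZU_SUFFIX = ".kizu"      # extension appended by the ransomware (from the page)
NOTE_NAME = "_readme.txt"  # ransom note filename (from the page)

# Phrases taken from the ransom note quoted on the page. Requiring several of
# them (threshold is this example's assumption) avoids flagging an unrelated
# file that is simply named _readme.txt.
NOTE_MARKERS = ("$980", "$490", "72 hours", "decrypt tool")
NOTE_MIN_HITS = 3


def original_name(encrypted_name: str) -> Optional[str]:
    """Return the pre-encryption filename ('1.jpg.kizu' -> '1.jpg'),
    or None if the name does not carry the suffix (a bare '.kizu' is ignored)."""
    if encrypted_name.endswith(KIZU_SUFFIX) and len(encrypted_name) > len(KIZU_SUFFIX):
        return encrypted_name[: -len(KIZU_SUFFIX)]
    return None


def looks_like_kizu_note(text: str) -> bool:
    """Accept a candidate note only when enough known phrases are present."""
    hits = sum(1 for marker in NOTE_MARKERS if marker in text)
    return hits >= NOTE_MIN_HITS


def triage(root: str) -> Dict[str, dict]:
    """Walk `root` and summarise findings per directory (paths relative to root).

    Result: {relative_dir: {"encrypted": [original names], "note": bool}},
    containing only directories that show at least one indicator."""
    findings = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            orig = original_name(name)
            if orig is not None:
                findings[rel]["encrypted"].append(orig)
            elif name == NOTE_NAME:
                with open(os.path.join(dirpath, name), encoding="utf-8", errors="replace") as fh:
                    if looks_like_kizu_note(fh.read()):
                        findings[rel]["note"] = True
    return dict(findings)


def build_sample_tree() -> str:
    """Create a constructed sample tree (not real victim data) for a demo run."""
    root = tempfile.mkdtemp(prefix="kizu_triage_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    open(os.path.join(docs, "1.jpg.kizu"), "wb").close()
    open(os.path.join(docs, "report.docx.kizu"), "wb").close()
    with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Price of private key and decrypt software is $980.\n"
                 "Discount 50% available if you contact us first 72 hours, "
                 "that's price for you is $490.\n")
    clean = os.path.join(root, "Clean")
    os.makedirs(clean)
    open(os.path.join(clean, "notes.txt"), "wb").close()
    # Same filename, unrelated content: must not be reported as a ransom note.
    with open(os.path.join(clean, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Project readme: build with make.\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for directory, info in sorted(triage(sample_root).items()):
        print(f"{directory}: {len(info['encrypted'])} encrypted file(s), "
              f"ransom note present={info['note']}")
```

Run against a mounted image or a copy of the affected volume rather than the live system; the recovered original names are useful for matching files against a backup catalogue when restoring.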
It is essential to keep in mind that the STOP/Djvu Ransomware family is often distributed in conjunction with other malware strains. Among these additional threats are information stealers like RedLine and Vidar, which are known for their ability to pilfer sensitive data from compromised systems. As a result, victims of the Kizu Ransomware may have more than just their files held hostage; they may also have fallen victim to data theft, potentially leading to further security breaches and personal information exposure.
The Kizu Ransomware Locks Files and Demands the Payment of a Ransom
The ransom note left by the Kizu Ransomware makes it clear that the victim's files have been encrypted and can only be restored by paying a ransom. More specifically, the attackers demand to be paid the sum of $980. However, there is a limited-time offer mentioned in the note: if victims contact the attackers within 72 hours of the encryption, they will get a 50% discount, reducing the price to $490. The ransom note strongly emphasizes that file restoration will remain impossible without making the ransom payment.
As a demonstration of their capability, the threat actor offers to decrypt a single file at no cost. This is likely done to prove that they indeed possess the means to unlock the encrypted files. The ransom note provides two email addresses, 'firstname.lastname@example.org' and 'email@example.com,' through which the victim can establish contact with the attackers and initiate the negotiation process.
It is crucial to highlight that paying the ransom demanded by ransomware threat actors is strongly discouraged, as there is no guarantee that the attackers will honor their promises and provide the decryption key. There have been numerous instances where victims paid the ransom but did not receive the necessary tools to restore their files.
Moreover, it is of utmost importance to take immediate action to remove the ransomware from the affected systems. Failure to do so may lead to additional data loss, as ransomware can continue encrypting files and may even spread to other computers connected to the same local network.
Take Precautionary Measures against Ransomware Threats
Protecting devices and data from ransomware threats requires a proactive and multi-layered approach. Here are some security measures available to users that can help safeguard their systems:
- Keep Software Up-to-Date: Regularly update the operating system, applications, and security software on your devices. Software updates often include patches to fix vulnerabilities that could be exploited by ransomware and other malware.
- Install Anti-Malware Software: Use reputable anti-malware solutions to detect and prevent ransomware infections. Keep the software definitions up-to-date to ensure optimal protection.
- Enable Firewall: Enable the built-in firewall on your devices, as it acts as a barrier between your network and potential threats, reducing the chances of malware infiltration.
- Be Cautious with Email Attachments and Links: Avoid opening email attachments or clicking on links from unknown or suspicious senders. Ransomware is often delivered through phishing emails.
- Backup Your Data Regularly: Create and maintain regular backups of your important files on an external drive or a secure cloud storage service. This way, even if your files get encrypted by ransomware, you can restore them from a safe backup source.
- Enable Macro Security: Configure your office applications (e.g., Microsoft Office) to block macros from running automatically. Many ransomware strains use malicious macros to infect systems.
- Educate Users: Educate yourself and other users about ransomware threats, safe online practices, and the importance of remaining vigilant against potential attacks.
By adopting these security measures and maintaining a proactive stance towards cybersecurity, users can significantly reduce the risk of falling victim to ransomware threats and protect their devices and valuable data.
Victims of the Kizu Ransomware are left with the following ransom note:
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID: