Konx Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 3 |
| First Seen: | January 19, 2011 |
| Last Seen: | November 21, 2020 |
| OS(es) Affected: | Windows |
The Konx Ransomware goal is to sneak itself onto the user's computer and then lock it up with a powerful encryption algorithm effectively. Victims will no longer be able to either access or use all of their files including documents, spreadsheets, PDFs, pictures, audio and video files. The Konx Ransomware is a new threatening crypto locker spawned from the VoidCrypt Ransomware family.
Every single file affected by the Konx Ransomware will its name changed drastically. The malware threat appends an email address belonging to the hackers, followed by a unique string of characters representing the victim's ID, and finally '.konx' as a new extension. The email address is 'konxnobx@tutanota.com.' Simultaneously, a text file named '!INFO.HTA' and containing instructions from the criminals responsible for unleashing the Konx Ransomware will be dropped in every folder with encrypted files inside it.
The ransom note doesn't mention the exact sum that the hackers want to extort from their victims in exchange for the decryption tool of key necessary for the restoration of the locked data. It is specified, though, that the payment must be made using Bitcoin, arguably the most popular cryptocurrency. To establish communication, victims are told to send a message to the 'konxnobx@tutanota.com' and if they do not receive an answer, try the reserve email address at 'konxnobx@cock.li.' In an attempt to further scare the users into initiating contact as soon as possible, the Konx Ransomware's note mentions that after 48 hours have passed, the ransom amount will be increased.
The full text of the instructions from the hackers are:
'!!! Your Files Has Been Encrypted !!!
♦ your files has been locked with highest secure cryptography algorithm ♦
♦ there is no way to decrypt your files without paying and buying Decryption tool♦
♦ but after 48 hour decryption price will be double♦
♦ you can send some little files for decryption test♦
♦ test file should not contain valuable data♦
♦ after payment you will get decryption tool ( payment Should be with Bitcoin)♦
♦ so if you want your files dont be shy feel free to contact us and do an agreement on price♦
♦ !!! or Delete you files if you dont need them !!!
♦Your ID :-
our Email :konxnobx@tutanota.com
In Case Of No Answer :konxnobx@cock.li.'
