Kraken Cryptor Ransomware

By GoldSparrow in Ransomware

The Kraken Cryptor Ransomware, also seen as the KrakenCryptor Ransomware, is a file encoder Trojan that was announced to the wider cybersecurity community on August 21st, 2018. The Kraken Cryptor Ransomware should not be confused with the Kraken Ransomware from December 2016, since the two threats are unrelated. The KrakenCryptor Trojan is a cyber threat that allows for extensive customizations and targeted attacks on machines with particular keyboard layouts. The Kraken Cryptor Ransomware is observed to target PC users in countries like Armenia (AM), Azerbaijan (AZ), Belarus (BY), Estonia (EE), Georgia (GE), Iran (IR), Kyrgyzstan (KG), Lithuania (LT), Moldova (MD), Russia (RU), Tajikistan (TJ), Ukraine (UA) and Uzbekistan (UZ). The list may be expanded as new versions come to light, and you should not wait to install a backup manager onto your system.

The Kraken Cryptor Ransomware is dropped to computers via phishing emails that may look like job applications, business promotions, and package delivery reports from respected online shops. The Kraken Cryptor Ransomware is very similar to the multitude of the Scarab Ransomware variants we reported in the summer of 2018 (Scarab-Crypto, Scarab-Leen, etc.). Lab tests showed that KrakenCryptor encrypts both the filenames and the file data. Compromised users may find it hard to distinguish images from MP3 files, considering that the threat renames every file to a name ending in '-Lock.onion'. For example, 'Ini Kamoze-Here Comes the Hotstepper.MP3' might be renamed to '01248912-Lock.onion.' Researchers found that KrakenCryptor may run as 'kraken.exe' on infected machines and feature the description 'Microsoft® Authorization Manager.' The Trojan attempts to terminate processes and services associated with programs like Microsoft Office, MySQL, Oracle Java, Thunderbird, Notepad and Mozilla Firefox. A brief list can be found below:

agntsvcagntsvc, agntsvcencsvc, agntsvcisqlplussvc, dbeng50, dbsnmp, firefoxconfig, msftesql, mydesktopqos, mydesktopservice, mysqld, mysqld-nt, mysqld-opt, ocomm, ocssd, oracle, sqbcoreservice, sqlagent, sqlbrowser, sqlservr, sqlwb, sqlwriter, synctime, tbirdconfig, xfssvccon.

The Kraken Cryptor Ransomware is reported to drop an "advertisement" for a decryptor in '# How to Decrypt Files.txt' and suggest victims write to 'onionhelp@memeware.net' and 'BM-2cWdhn4f5UyMvruDBGs5bk77NsCFALMJKR@bitmessage.ch.' Initially, the decryptor for the data affected by the KrakenCryptor may be priced at 0.125 Bitcoin (≈802 USD/693 EUR), but the price may rise if the threat actors find that their threat has compromised company computers. Unfortunately, the Kraken Cryptor Ransomware uses the AES, RSA, Salsa20, and RC4 ciphers, making it virtually impossible to decrypt the data without the proper decryption key. Server administrators and regular PC users alike are encouraged to use backup images and other backup copies to rebuild their file structure safely. AV engines eliminate the objects created by KrakenCryptor and mark them as:

Artemis!1C2BD3BCB860
Artemis!573C2A8D18A0
FileRepMetagen [Malware]
Ransom.Agent!8.6B7 (CLOUD)
Ransom_KRAKEN.THHBBAH
Suspicious_GEN.F47V0820
TR/Genasom.pubrg
TR/Ransom.efijl
TROJ_GEN.F0C2C00HF18
Trojan.GenericKD.31168063
Trojan.GenericKD.40418118
Trojan.Ransom.KrakenCryptor
Trojan:Win32/Tiggre!plock
W32/Trojan.GVRB-2511
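
The file-system artifacts described above (the '-Lock.onion' rename pattern and the '# How to Decrypt Files.txt' note) can be used to scope which directories need to be restored from backup. The following is an added example, not part of the original report: function names and the sample listing are constructed, and the rename regex is generalised from the single example filename given above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the description above.
NOTE_NAME = "# how to decrypt files.txt"
# Assumption: generalised from the one example '01248912-Lock.onion';
# any non-empty prefix before '-Lock.onion' is accepted.
RENAMED = re.compile(r"^.+-Lock\.onion$", re.IGNORECASE)


def triage(paths):
    """Group a file listing by directory and count Kraken Cryptor artifacts.

    Returns {directory: {"renamed": n, "notes": n, "intact": n}} for
    every directory that holds at least one artifact.
    """
    stats = defaultdict(lambda: {"renamed": 0, "notes": 0, "intact": 0})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any host OS
        if p.name.lower() == NOTE_NAME:
            kind = "notes"
        elif RENAMED.match(p.name):
            kind = "renamed"
        else:
            kind = "intact"
        stats[str(p.parent)][kind] += 1
    return {d: s for d, s in stats.items() if s["renamed"] or s["notes"]}


def restore_scope(paths):
    """Directories to restore from backup, most renamed files first."""
    hits = triage(paths)
    return sorted(hits, key=lambda d: (-hits[d]["renamed"], d))


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\ana\Music\01248912-Lock.onion",
    r"C:\Users\ana\Music\55510234-Lock.onion",
    r"C:\Users\ana\Music\# How to Decrypt Files.txt",
    r"C:\Users\ana\Documents\77120045-Lock.onion",
    r"C:\Users\ana\Documents\notes.docx",
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for directory in restore_scope(SAMPLE):
        print(directory, triage(SAMPLE)[directory])
```

Because the original filenames are encrypted as well, the listing only tells you where to restore; what was lost has to come from the backup catalogue.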

KrakenCryptor ransom note:

'ALL YOUR FILES HAS BEEN ENCRYPTED BY KRAKEN CRYPTOR!

What happened to my computer?
All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by KRAKEN CRYPTOR!
The speed, power and complexity of this encryption have been high and if you are now viewing this guide.
It means that KRAKEN CRYPTOR immediately removed form your system!
No way to recovery your files without KRAKEN DECRYPTOR software and your computer UNIQUE KEY!
You need to buy it from us because only we can help you!

What the mean is encryption?
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it.
And those who are not authorized cannot.

How can recover my files?
We guarantee that you can recover all your files soon safely.
You can decrypt one of your encrypted smaller file for free in the first contact with us.
For the decryption service, we also need your KRAKEN ENCRYPTED UNIQUE KEY you can see this in the top!
Are you want to decrypt all of your encrypted files? if yes! You need to pay for decryption service to us!
After your payment made, all of your encrypted files has been decrypted.

How much is need to pay?
You need to pay (0.125 BTC), payment only can made as Bitcoins.
This links help you to understand whats is a Bitcoins and how it work:
hxxps://en.wikipedia[.]org/wiki/Bitcoins

How to obtain Bitcoins?
The easiest way to buy Bitcoins is LocalBitcoins website.
You must register on this site and click BUY Bitcoins then choose your country to find sellers and their prices.
hxxps://localBitcoins[.]com/buy_Bitcoins

Other places to buy Bitcoins in exchange for other currencies:
hxxps://Bitcoins[.]org/en/exchanges

Attention
* DON'T MODIFY OR RENAME ENCRYPTED FILES!
* DON'T MODIFY KRAKEN ENCRYPTED UNIQUE KEY!
* DON'T USE THIRD-PARTY OR PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY!
* DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY CANNOT DIRECT DECRYPT YOUR FILES AND CONTACT WITH US, THEY ARE MAY ADD EXTRA CHARGE!

Additional
- Project KRAKEN CRYPTOR doesn't damage any of your files, this action is reversible if you follow the instructions above.
- Also, our policy is obvious: NO PAYMENT! NO DECRYPT!, if you do not have the ability to pay, we review your terms.
E-Mail : onionhelp@memeware.net'
