
Kripto64 Ransomware

By GoldSparrow in Ransomware

The Kripto64 Ransomware is a ransomware Trojan based on Hidden Tear, an open source ransomware engine first released in 2015. The Kripto64 Ransomware seems to target computer users in the Middle East: the particular version observed by PC security researchers uses a ransom note written in Turkish. Although the Kripto64 Ransomware is designed to target computer users in one part of the world, nothing prevents it from spreading to computers anywhere else. The most common way in which the Kripto64 Ransomware is distributed is as an email attachment: documents carrying corrupted macro scripts, attached to spam email messages disguised as social media notifications.

The Dreaded Effects of the Kripto64 Ransomware

It is always a must to avoid opening spam email messages or email attachments from unknown sources. When computer users open the file containing the Kripto64 Ransomware, the Kripto64 Ransomware is installed as an executable file named 'Kripto.exe' in the AppData directory on the infected computer. The Kripto64 Ransomware uses AES-256 encryption to make the victim's files completely inaccessible. Furthermore, to prevent PC security researchers from studying its contents, the Kripto64 Ransomware itself is heavily obfuscated. The Kripto64 Ransomware tactic is simple, and common to most encryption ransomware Trojans: the Kripto64 Ransomware encrypts the victim's files and then demands a ransom payment in exchange for the decryption key. Unlike many other ransomware Trojans, the Kripto64 Ransomware does not mark the files it has encrypted by renaming them or adding an extension to their original names. During its attack, the Kripto64 Ransomware targets the following file types:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
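The fact that the Kripto64 Ransomware leaves file names and extensions untouched matters for defenders: encrypted files cannot be found by looking for a new extension, so a scan has to check whether a file's content still matches its type. The following Python script is an added defensive example, not code from the original write-up or from the Trojan itself. It takes the target extensions from the list above, flags files whose header no longer matches their extension (for container and image formats) or whose body has near-random entropy (for text-like formats), and includes a simple check for the 'Kripto.exe' file name the write-up mentions. The sample corpus, the entropy threshold and all function names are constructed for this demonstration.

```python
import math
import os
from collections import Counter

# Extensions taken from the target list above (lower-cased; a subset is enough for the demo).
TARGET_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg", ".jpeg",
    ".png", ".gif", ".bmp", ".zip", ".rar", ".7z", ".txt", ".csv", ".xml",
    ".sql", ".py", ".js", ".java", ".c", ".cpp",
}

# Formats with a fixed header. After encryption the header is gone, so a
# mismatch between the extension and the leading bytes is a strong signal.
MAGIC_BYTES = {
    ".pdf": (b"%PDF",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".pptx": (b"PK\x03\x04",),
    ".rar": (b"Rar!\x1a\x07",),
    ".7z": (b"7z\xbc\xaf\x27\x1c",),
}

# Constructed threshold in bits per byte: natural-language text sits around 4-5,
# AES output is indistinguishable from random and approaches 8.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """Return True when a file of a targeted type no longer looks like that type."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in TARGET_EXTENSIONS:
        return False
    magic = MAGIC_BYTES.get(ext)
    if magic is not None:
        # Container and image formats are already compressed, so entropy is
        # useless for them; rely on the header instead.
        return not any(data.startswith(m) for m in magic)
    # Text-like formats (.txt, .csv, .xml, source code): a ciphertext body is
    # near-random, real text is not.
    return shannon_entropy(data) > ENTROPY_THRESHOLD


def scan(files):
    """`files` is an iterable of (name, bytes) pairs; returns the names that look encrypted."""
    return [name for name, data in files if looks_encrypted(name, data)]


def find_dropper(filenames):
    """Indicator from the write-up: the payload is dropped as 'Kripto.exe' under AppData."""
    return [n for n in filenames if os.path.basename(n).lower() == "kripto.exe"]


# Constructed sample corpus: two intact files and two whose bodies were replaced
# by a deterministic pseudo-random byte pattern while keeping their names, which
# is what a Kripto64 victim's directory would look like.
RANDOM_BODY = bytes((i * 73 + 41) % 256 for i in range(4096))
SAMPLE_FILES = [
    ("budget.xlsx", b"PK\x03\x04" + b"\x00" * 60),
    ("notes.txt", b"Meeting notes for Monday. Bring the quarterly report.\n" * 10),
    ("scan.pdf", RANDOM_BODY),    # header gone: flagged
    ("schema.sql", RANDOM_BODY),  # text file with random body: flagged
    ("setup.exe", RANDOM_BODY),   # not a targeted type: ignored
]

if __name__ == "__main__":
    for flagged in scan(SAMPLE_FILES):
        print("possible ciphertext:", flagged)
    print("dropper present:", bool(find_dropper(["C:/Users/victim/AppData/Roaming/Kripto.exe"])))
```

The header check and the entropy check are deliberately split by format: compressed containers such as .docx or .jpg have high entropy when intact, so an entropy-only scan would flag every healthy Office document and photo, while text-like formats have no fixed header and can only be judged by their byte distribution.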

The Kripto64 Ransomware communicates with its Command and Control server to receive configuration instructions and to relay information about the infected computer. The Kripto64 Ransomware delivers its ransom note in the form of a program window titled '!!! Dikkat !!!'. This program window contains the Kripto64 Ransomware's ransom note, which is written in Turkish. Below is the Kripto64 Ransomware's ransom note translated into English:

'ATTENTION: All files on the computer were encrypted!
For decryption of files from you a one-time payment of 500 TL is required.
As soon as you pay, we will connect to your system and unlock the files.
*** We are missing ***
If you do not pay in 5 days before [DATE], then your computer will be destroyed!'

One aspect of the Kripto64 Ransomware that has caught some attention is that the Kripto64 Ransomware also will use a screen locker component. Some computer users have reported that the Kripto64 Ransomware's ransom note will double as a screen locker, preventing computer users from accessing their machines until the ransom is paid.

Dealing with the Kripto64 Ransomware

Unfortunately, the files encrypted in the Kripto64 Ransomware attack may not be recoverable. Because of this, it is paramount that PC users take preventive steps to ensure that their data is safe from attacks like the Kripto64 Ransomware. Keeping backup copies of all files lets victims be certain that their data is completely safe from the Kripto64 Ransomware attack. The people responsible for the Kripto64 Ransomware attack lose all power over their victims, since the victims can easily recover their files from the backup copy without paying the ransom.
