Kristina Ransomware
The Kristina Ransomware is a variant of the Crypt12 Ransomware that was documented for the first time on August 15th, 2017. The build at hand is dubbed Kristina Ransomware due to the ransom notification being displayed as a program window titled 'KristinaSC L1.0.' The Kristina Ransomware made an appearance on the threat radar on November 2nd almost two months after the original Trojan was released to users. The threat authors behind the ransomware campaign continue to use spam emails and macros to install the Trojan on remote systems.
The new variant is not very different from the source-code and even uses the same file marker — 'crypt12'. The threat is reported to encrypt images, office documents, eBooks, audio, videos and databases. The encrypted data features a custom marker that follows the model '[victim’s-id]-[developer’s-email].crypt12' and a file like 'Nitrogen-14 isotope.pptx' might be renamed to 'Nitrogen-14 isotope.pptx.81796031898-hernansec@protonmail.ch.crypt12.' Compromised users are presented with the 'KristinaSC L1.0' program window after the Kristina Ransomware has encrypted their data and deleted the Shadow Volume Copies that Windows keeps in case they need to recover some files. The message on the screen is likely to offer the following text:
'KRISTINA crypto system
crypted: [NUMBER OF ENCRYPTED FILES]
[LIST OF ENCRYTPED FILES]
Your files Have Been Crypted email to: hernansec@protonmail.ch for instructions'
The threat is reported to run as 'KristinaCS.exe' on infected systems and suggest users write an email to 'hernansec@protonmail.ch,' which is supposed to be operated by the Kristina Ransomware team. Cybersecurity experts advise users to refrain from contacting the threat authors. The encrypted data can be recovered by means of backup images and system recovery disks. The payment of the ransom is not guaranteed to result in a peaceful exchange of money and a decryptor. It is a must to have a reliable backup tool in modern days considering that the ransomware business can be very lucrative.
SpyHunter Detects & Remove Kristina Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | e21ea18f16179b8edbf88ce2162ff106 | 0 |
| 2. | file.exe | 30b5a07bb84e84b0769fc96402ecef3a | 0 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.