Kromber Ransomware Description
A brand new ransomware threat has recently surfaced. It is called the Kromber Ransomware, and upon further research, it appears that this file-encrypting Trojan is a variant of the Matrix Ransomware.
Infiltrating Your Computer
Security researchers have been unable to pinpoint what infection vector is being employed in the propagation of the Kromber Ransomware. Some, however, speculate that some of the propagation methods which may be at play in the spreading of the Kromber Ransomware may be infected pirated applications, emails containing macro-laced attachments and bogus software updates. The Kromber Ransomware performs a scan as soon as it infiltrates a machine. This is how the threat detects the location of the files, which will be locked later. Then, the Kromber Ransomware triggers the encryption process. A file. which is encrypted by this data-locking Trojan, will have its name altered. This threat adds a ‘.[Kromber@tutanota.com]’ extension to the newly encrypted files. For example, a file which you had named ‘chriping-parrot.jpeg’ initially will be renamed to ‘chirping-parrot.jpeg.[Kromber@tutanota.com].’
The Ransom Note
The next phase of the attack is the ransom note drop. The Kromber Ransomware’s note is named ‘#_#ReadMe#_#.rtf’ and is rather lengthy and here is an excerpt of it:
’WHAT HAPPENED WITH YOUR FILES?
Your documents, databases, backups, network folders and other important files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here: http://en.wiki pedia.org/wiki/RSA_(cryptosystem) http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
It means that you will not be able to access them anymore until they are decrypted with your personal decryption key! Without your personal key and special software data recovery is impossible! If you will follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
You really want to restore your files? Please write us to the e-mails:
In subjectline of your message write your personal ID:
We recommend you to send your message ON EACH of OUR 3 EMAILS, due to the fact that the message may not reach their intended recipient for a variety of reasons!’
The authors of the Kromber Ransomware do not mention what the ransom fee is. They require the victim to contact them via email and give out three email addresses – ‘Kromber@tutanota.com,’ ‘Kromber@protonmail.com,’ ‘Kromber@india.com.’ They also offer the user to get in touch via Bitmessage at ‘https://bitmsg.me’ and go on to explain how to register an account there and contact them. The creators of the Kromber Ransomware claim that they have employed the RSA-2048 and AES-128 encryption algorithms to lock the victim’s data. The user is offered to send three files, which would be decrypted for free, as long as they are smaller than 5MB in size, in total.
It is never recommended to contact cybercriminals. They will use social engineering tricks to get you to pay them your hard-earned cash and will likely end up not delivering on their end of the deal. Instead, you should look into obtaining a reputable anti-malware application, which will remove the Kromber Ransomware from your PC.
Do You Suspect Your PC May Be Infected with Kromber Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Kromber Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.