Kromber Ransomware

By CagedTech in Ransomware

Translate To:

A brand new ransomware threat has recently surfaced. It is called the Kromber Ransomware, and upon further research, it appears that this file-encrypting Trojan is a variant of the Matrix Ransomware.

Infiltrating Your Computer

Security researchers have been unable to pinpoint what infection vector is being employed in the propagation of the Kromber Ransomware. Some, however, speculate that some of the propagation methods which may be at play in the spreading of the Kromber Ransomware may be infected pirated applications, emails containing macro-laced attachments and bogus software updates. The Kromber Ransomware performs a scan as soon as it infiltrates a machine. This is how the threat detects the location of the files, which will be locked later. Then, the Kromber Ransomware triggers the encryption process. A file. which is encrypted by this data-locking Trojan, will have its name altered. This threat adds a ‘.[Kromber@tutanota.com]’ extension to the newly encrypted files. For example, a file which you had named ‘chriping-parrot.jpeg’ initially will be renamed to ‘chirping-parrot.jpeg.[Kromber@tutanota.com].’

The Ransom Note

The next phase of the attack is the ransom note drop. The Kromber Ransomware’s note is named ‘#_#ReadMe#_#.rtf’ and is rather lengthy and here is an excerpt of it:

’WHAT HAPPENED WITH YOUR FILES?
Your documents, databases, backups, network folders and other important files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here: http://en.wiki pedia.org/wiki/RSA_(cryptosystem) http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
It means that you will not be able to access them anymore until they are decrypted with your personal decryption key! Without your personal key and special software data recovery is impossible! If you will follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
You really want to restore your files? Please write us to the e-mails:
Kromber@tutanota.com
Kromber@protonmail.com
Kromber@india.com
In subjectline of your message write your personal ID:
38EF7E4E3BFBB10E
We recommend you to send your message ON EACH of OUR 3 EMAILS, due to the fact that the message may not reach their intended recipient for a variety of reasons!’

The authors of the Kromber Ransomware do not mention what the ransom fee is. They require the victim to contact them via email and give out three email addresses – ‘Kromber@tutanota.com,’ ‘Kromber@protonmail.com,’ ‘Kromber@india.com.’ They also offer the user to get in touch via Bitmessage at ‘https://bitmsg.me’ and go on to explain how to register an account there and contact them. The creators of the Kromber Ransomware claim that they have employed the RSA-2048 and AES-128 encryption algorithms to lock the victim’s data. The user is offered to send three files, which would be decrypted for free, as long as they are smaller than 5MB in size, in total.

It is never recommended to contact cybercriminals. They will use social engineering tricks to get you to pay them your hard-earned cash and will likely end up not delivering on their end of the deal. Instead, you should look into obtaining a reputable anti-malware application, which will remove the Kromber Ransomware from your PC.

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Kromber Ransomware

Infiltrating Your Computer

The Ransom Note

Submit Comment

Trending

'YouPorn' Email Scam

Safe Search Eng

Findtheirreport.com

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen