'.krypted File Extension’ Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 4 |
| First Seen: | March 14, 2016 |
| Last Seen: | April 25, 2020 |
| OS(es) Affected: | Windows |
The '.krypted File Extension' Ransomware is a ransomware Trojan that has been active since early 2016. The '.krypted File Extension' Ransomware is one of many variants of TeslaCrypt that were released in early 2016. Although TeslaCrypt has been active since 2014, the version 3.0 of this threat was released in early 2016, along with numerous variants differing slightly in their ransom notes and extensions used to identify the encrypted files. TeslaCrypt 3.0 fixes a vulnerability that had allowed PC security researchers to decrypt encrypted files previously. The '.krypted File Extension' Ransomware and newer variants of this threat no longer have this vulnerability, meaning that computer users will now have to pay the ransom or recover their files even from a backup. Looks like the '.krypted File Extension' Ransomware and the numerous newer versions of this threat coincide with the launch of TeslaCrypt 3.0 as RaaS (Ransomware as a Service).
How the '.krypted File Extension' Ransomware may Infect a Computer
Ransomware Trojans like the '.krypted File Extension' Ransomware are fairly predictable. The '.krypted File Extension' Ransomware may be delivered through the use of corrupted email attachments. When computer users click on the attached file, the ransomware Trojan is delivered to the user's computer. The '.krypted File Extension' Ransomware starts scanning the user's computer immediately looking for files that match a list of extensions in its configuration files. The '.krypted File Extension' Ransomware and other TeslaCrypt variants may encrypt files with the following extensions:
.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.
The '.krypted File Extension' Ransomware may update this list, adding new targeted files. The '.krypted File Extension' Ransomware will encrypt the files it finds using AES encryption and will change each file's extension to 'KRYPTED.' Apart from this, the '.krypted File Extension' Ransomware drops text, image, and HTML files in folders where files were encrypted. These files contain information on how to pay the '.krypted File Extension' Ransomware ransom.
PC security researchers strongly advise computer users against paying the '.krypted File Extension' Ransomware ransom. There is absolutely no guarantee that the con artists will restore the encrypted files. Furthermore, paying this ransom enables these people to continue carrying out these attacks and targeting new computer users. Instead, it is advisable to back up all files to an external drive or on the cloud. Below is an example of a ransom note that has been associated with the '.krypted File Extension' Ransomware:
"You've been KryptoLocked!
All of your files have been encrypted and sent to our secure server.
You can verify this by checking your files.
Encryption was produced using a unique public key generated for this computer.
To your decrypt files, you need to obtain your private key.
To obtain your private key you will need to pay the fee of 1 BTC.
Upon payment you will receive your key and decrypter. We will also delete your files from our server.
This is a very straight forward process and you can recover your files within minutes.
There is no other way to recover the files without the unique private key.
To recover your files please get in touch by email: krypted@riseup.net"
SpyHunter Detects & Remove '.krypted File Extension’ Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | file.exe | 23fb59ad1eb4be42f91c3d58c63ac67b | 2 |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.