Kryptonite Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: June 26, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Kryptonite Ransomware is an encryption ransomware Trojan. PC security analysts first uncovered the Kryptonite Ransomware while monitoring an online anti-virus platform (con artists may upload early versions of new threats to these platforms to test whether they can evade established anti-virus programs). The Kryptonite Ransomware changes the infected computer's desktop image to a picture of a green gem and the word 'KRYPTONITE', along with a ransom note. The best protection against the Kryptonite Ransomware and its variants is to have file backups, which allow easy and quick recovery of your files after an infection.

The Kryptonite Ransomware is an Unfinished Threat

Since the Kryptonite Ransomware is still in development, it is not clear whether all of its intended features are already present in this attack. In its current form, the Kryptonite Ransomware is capable of encrypting the victims' data but does not add a new file extension to the files it encrypts (unlike many other ransomware Trojans that are currently active). The files encrypted by the Kryptonite Ransomware attack become inaccessible and can no longer be opened normally. The Kryptonite Ransomware targets a wide variety of file types, opting for user-generated files and avoiding Windows system files. The Kryptonite Ransomware delivers its ransom note in a file named 'Ransom Note.txt,' which is dropped on the infected computer. The Kryptonite Ransomware ransom note contains the following message:

Kryptonite Ransomware
All your important files are encrypted
Your files has been encrypted using RSA2048 algorithm with unique public - key stored on your PC.
There is only one way to restore your files : Contact with us, Pay 500$ and get your files back.
To pay us go to http://adsgoogle.eastus2.cloudapp.azure.com:27030/
This is a secured web-site for monetary transactions.
In order to make the transactions you will need the below ID.
After a successful transaction, disable your Anti-Virus and Firewall and run decryptMyFiles.exe as administrator.
You can download the Decryptor from xxxxs://s3.amazonaws.com/adsgoogle/Decrypt/decryptor.exe
Your ID: ***'

There are different versions of the Kryptonite Ransomware ransom note, referencing slightly different recovery methods.
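
Because the encrypted files keep their original extensions, a sweep that looks for renamed files will miss the damage. The following Python triage routine is an added example, not code from the original analysis: it finds 'Ransom Note.txt' by name and by phrases from the note quoted above, and flags files whose header no longer matches their extension and whose content is high-entropy. The magic-byte table and the 7.0 bits-per-byte threshold are assumptions chosen for illustration.

```python
import math
import os
import sys
from collections import Counter

# File name and phrases taken from the ransom note quoted on this page.
NOTE_NAME = "ransom note.txt"
NOTE_MARKERS = ("kryptonite ransomware", "all your important files are encrypted")
# Well-known leading bytes for a few user file types (illustrative subset).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off, in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values close to 8 look like ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(root: str) -> dict:
    """Return ransom notes found and files whose content no longer fits their extension."""
    notes, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            if name.lower() == NOTE_NAME:
                # Dropping NUL bytes lets a UTF-16LE note match as well.
                text = head.replace(b"\x00", b"").decode("utf-8", "replace").lower()
                if any(marker in text for marker in NOTE_MARKERS):
                    notes.append(path)
                continue
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if (magic and not head.startswith(magic)
                    and shannon_entropy(head) > ENTROPY_THRESHOLD):
                suspect.append(path)
    return {"notes": sorted(notes), "suspect": sorted(suspect)}


if __name__ == "__main__":
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Matching on any one phrase rather than the whole note keeps the check usable across the differing note versions mentioned above.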

The Kryptonite Ransomware Pretends to be a Popular Game

Several of the things referenced in the Kryptonite Ransomware note do not exist yet, making it clear that the current version of the Kryptonite Ransomware is unfinished. For example, the Kryptonite Ransomware does not have a way to generate the ID number that is referenced in its ransom note. PC security analysts suspect that the main way in which the Kryptonite Ransomware will be distributed is as a free online game named 'Snake.' This commonly played game, delivered in an executable file named 'snake_game.exe,' is loaded in a command window. While the victim plays the game, the Kryptonite Ransomware will encrypt the victim's files, then display a list of the compromised files and change the infected computer's desktop image. The links included in the Kryptonite Ransomware ransom notes are not currently functional, and it is likely that the people responsible for the Kryptonite Ransomware attack will update their attack with new URLs.

Dealing with the Kryptonite Ransomware

The Kryptonite Ransomware displays a payment form. PC security analysts strongly encourage computer users to avoid filling in the Kryptonite Ransomware payment form. The information entered could be used by the people responsible for the Kryptonite Ransomware attack to collect your credit card information and funds from your bank accounts. PC security researchers strongly advise computer users to take precautions against a Kryptonite Ransomware attack. There are several things you can do to ensure that your computer is fully prepared against the Kryptonite Ransomware and other ransomware Trojans:

  • Install a reliable security program that is fully up-to-date.
  • Keep backups of all your files.
  • Establish online security protocols so that computer users are aware of how to handle emails and online content safely.
