
Krypton Ransomware

By GoldSparrow in Ransomware

The Krypton Ransomware is an encryption ransomware Trojan that was first observed on January 8, 2018. The Krypton Ransomware is delivered in spam email messages. Victims receive an email message with an attached Microsoft Word file, which uses embedded macro scripts to download and install the Krypton Ransomware onto the victim's computer. It seems, however, that the Krypton Ransomware is still in a testing phase, since its current version does not encrypt the victim's entire hard drive, as it is supposed to. Rather, the Krypton Ransomware limits its attack to one particular test directory on the infected computer. However, it would be fairly simple to modify the Krypton Ransomware so that it encrypts the victim's entire file system, and it is not unlikely that a full version capable of carrying out a full attack will be released shortly.

The 'Kryptonite' that can Knock Down Your Files Forever

The Krypton Ransomware is based on HiddenTear, an open source ransomware Trojan created in August 2015 that, since its release, has spawned countless variants and currently accounts for the majority of ransomware attacks due to its easy availability. Cybercrooks frequently take HiddenTear's code and modify it for their different attacks. This is because the Krypton Ransomware carries out an effective and irreversible ransomware attack. The Krypton Ransomware marks the files encrypted in its attack by adding the file extension '.kryptonite' to each affected file's name. These attacks focus on user-generated files while avoiding Windows system files and similar content on the infected computer. The file types that may be at risk are:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Krypton Ransomware’s Ransom Demands and Note

The Krypton Ransomware demands a ransom payment by delivering a text file named 'KRYPTON_RANSOMWARE.txt'. This file is dropped on the infected computer's desktop. The need to display a ransom note is one of the reasons why ransomware Trojans like the Krypton Ransomware do not affect Windows system files or applications. They require the operating system to remain functional after the attack so that the victim can read the ransom note and make a payment. If the affected computer stopped working entirely, the cybercrooks would not be able to demand a ransom payment from the victim. The Krypton Ransomware demands the oddly specific amount of 158 USD from the victim, which should be paid in Bitcoin. The short message contained in the Krypton Ransomware's ransom note reads:

'All your files have been encrypted by the Krypton Ransomware
Please pay 158$ USD in Bitcoin to us and we will decrypt your files.
Not paying after 1 week (168 hours) will result in a loss of all your files.'

In addition to dropping this text file, the Krypton Ransomware will also change the infected computer's desktop image, replacing it with a picture that displays the same message.
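
An added example, not part of the original article: a small Python triage script that looks for the two file-system indicators described above, files ending in '.kryptonite' and the ransom note 'KRYPTON_RANSOMWARE.txt', and counts hits per directory to show how far the encryption reached. It assumes the marker extension is appended after the original file name; the function names are illustrative.

```python
import os
from collections import Counter

MARKER_EXT = ".kryptonite"              # extension named in this article
NOTE_NAME = "KRYPTON_RANSOMWARE.txt"    # ransom note file name named in this article


def scan(root):
    """Walk `root` and collect the two file-system indicators described above.

    Returns a dict with:
      encrypted - paths whose name ends in the marker extension
      notes     - paths of ransom note files
      by_dir    - Counter of encrypted files per directory (shows the scope)
      by_type   - Counter of the extension found in front of the marker
    """
    result = {"encrypted": [], "notes": [], "by_dir": Counter(), "by_type": Counter()}
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            lower = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME.lower():
                result["notes"].append(path)
            elif lower.endswith(MARKER_EXT) and lower != MARKER_EXT:
                result["encrypted"].append(path)
                result["by_dir"][dirpath] += 1
                # Assumption: the marker is appended after the original name,
                # so "report.docx.kryptonite" was a .docx file.
                original = os.path.splitext(lower[: -len(MARKER_EXT)])[1]
                result["by_type"][original or "(none)"] += 1
    return result


def report(result):
    """Format a short triage summary as a list of lines."""
    lines = [f"ransom notes found: {len(result['notes'])}",
             f"files with {MARKER_EXT}: {len(result['encrypted'])}"]
    for directory, count in result["by_dir"].most_common():
        lines.append(f"  {count:5d}  {directory}")
    return lines


if __name__ == "__main__":
    import sys
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    print("\n".join(report(scan(start))))
```

Hits confined to a single directory match the test-phase behavior described in this article; hits spread across user folders would point to a modified build.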

Protecting Your Data from the Krypton Ransomware

Fortunately, the Krypton Ransomware in its current form is not capable of carrying out an effective attack. Unfortunately, there are countless other ransomware Trojans that are similar to the Krypton Ransomware and are still causing a lot of distress all around the world. Protect your data by keeping file backups in the cloud or on an external memory device.
