KTC Ransomware

KTC Ransomware Description

Cybercriminals are using a potent new ransomware threat named the KTC Ransomware. The malware appears to be aimed at corporate targets, but it can easily infect individual users as well. The threat is equipped with a strong encryption process intended to lock the files found on compromised devices. The attackers also claim to have collected sensitive data before encrypting it, as part of a double-extortion scheme.

Files affected by the threat will have 'KTC' added to their original names as a new extension. In addition, a text file carrying a lengthy ransom note from the attackers will be created on the infected computer. The text file's name is 'RESTORE_FILES_INFO.txt'.

Demands Overview

Reading the ransom note reveals that victims are given only three days to contact the cybercriminals and come to an agreement with them. Otherwise, the attackers threaten to start publicly releasing the data taken from the victim, which may include contracts, finance details, HR data, databases, customer data and more. The information will apparently be posted via the hackers' Twitter and Tumblr accounts. As a communication channel, the hackers recommend reaching out to them through the qTOX chat client.

The full text of the KTC Ransomware note is:

'| What happened? |

Your network was ATTACKED, your computers and servers were LOCKED,
Your private data was DOWNLOADED:

  • Contracts
  • Customers data
  • Finance
  • HR
  • Databases
  • And more other…

| What does it mean? |

It means that soon mass media, your partners and clients WILL KNOW about your PROBLEM.

| How it can be avoided? |

In order to avoid this issue,
you are to COME IN TOUCH WITH US no later than within 3 DAYS and conclude the data recovery and breach fixing AGREEMENT.

| What if I do not contact you in 3 days? |

If you do not contact us in the next 3 DAYS we will begin DATA publication.

We will post information about hacking of your company on our twitter hxxps://twitter.com/RobinHoodLeaks or tublr hxxps://robinhoodleaks.tumblr.com/

| I can handle it by myself |

It is your RIGHT, but in this case all your data will be published for public USAGE.

| I do not fear your threats! |

That is not the threat, but the algorithm of our actions.
If you have hundreds of millions of UNWANTED dollars, there is nothing to FEAR for you.
That is the EXACT AMOUNT of money you will spend for recovery and payouts because of PUBLICATION.
You are exposing yourself to huge penalties with lawsuits and government if we both don't find an agreement.
We have seen it before cases with multi million costs in fines and lawsuits,
not to mention the company reputation and losing clients trust and the medias calling non-stop for answers.

| You have convinced me! |

Then you need to CONTACT US, there is few ways to DO that.

Secure Method

a) Download a qTOX client: hxxps://tox.chat/download.html
b) Install the qTOX client and register account
c) Add our qTOX ID: 671263E7BC06103C77146A5ABB802A63F53A42B4C4766329A5F04D2660C99A3611635CC36B3A
d) Write us extension of your encrypted files .KTC

Our LIVE SUPPORT is ready to ASSIST YOU on this chat.

| What will I get in case of agreement |

You WILL GET full DECRYPTION of your machines in the network, DELETION your data from our servers,
RECOMMENDATIONS for securing your network perimeter.

And the FULL CONFIDENTIALITY ABOUT INCIDENT.'
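
The file-system indicators described above (the 'KTC' extension and the 'RESTORE_FILES_INFO.txt' note, whose text asks for the '.KTC' extension) can be used to scope an infection during triage. The following Python scan is an added example, not part of the original write-up or of any vendor tool; its function names, report layout and sample directory tree are constructed for illustration, and it assumes the threat leaves file modification times intact.

```python
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".ktc"                # extension added by the threat (from the page)
NOTE_NAME = "RESTORE_FILES_INFO.txt"  # ransom note file name (from the page)
NOTE_MARKER = "encrypted files .KTC"  # phrase taken from the note text quoted above

def scan(root):
    """Walk root; list .KTC files, notes confirmed by NOTE_MARKER, earliest mtime."""
    report = {"encrypted": [], "notes": [], "unconfirmed_notes": [], "first_seen": None}
    earliest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                mtime = os.path.getmtime(path)
                earliest = mtime if earliest is None else min(earliest, mtime)
            elif name.lower() == NOTE_NAME.lower():
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)
                # A note without the family marker is reported separately.
                key = "notes" if NOTE_MARKER in text else "unconfirmed_notes"
                report[key].append(path)
    if earliest is not None:
        # Assumption: timestamps were not reset, so this approximates encryption start.
        report["first_seen"] = datetime.fromtimestamp(earliest, timezone.utc)
    return report

def build_sample_tree():
    """Constructed sample data: two renamed files, one matching note, one lookalike."""
    root = tempfile.mkdtemp(prefix="ktc_demo_")
    layout = {
        "finance/q1.xlsx.KTC": "x", "hr/staff.db.ktc": "x", "hr/readme.txt": "x",
        "finance/RESTORE_FILES_INFO.txt": "d) Write us extension of your encrypted files .KTC",
        "old/RESTORE_FILES_INFO.txt": "unrelated text",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        if rel.startswith("finance/q1"):
            os.utime(path, (1_600_000_000, 1_600_000_000))  # constructed older timestamp
    return root

if __name__ == "__main__":
    result = scan(build_sample_tree())
    print({k: (len(v) if isinstance(v, list) else v) for k, v in result.items()})
```

Run against a mounted image or a read-only copy of the affected volume so the scan itself does not alter timestamps.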