
KUKANOS Ransomware

Infosec researchers are warning users about a potent ransomware threat named KUKANOS. Analysis of the malware's underlying code and overall behavior reveals that it belongs to the ZEPPELIN ransomware family. Despite being a variant of an already known ransomware threat, KUKANOS' intrusive capabilities can leave its victims scrambling to deal with the consequences of an attack.

As a ransomware threat, KUKANOS encrypts its victims' files with a strong cryptographic algorithm, so the data cannot be recovered without the attackers' decryption key. Although the malware appears to target corporate entities specifically, it could just as easily be deployed against individual users.

The first signs of the attack that users are likely to notice are significant changes to the names of the encrypted files. Each locked file will have '.@KUKANOS.[ID String]' appended as a new file extension, where the ID string is unique to each victim of the threat. Finally, a ransom note is dropped on the infected device: the hackers place their instructions in a text file named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT,' created on the system's desktop.
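As an added example (not code from the original page or from any vendor tooling), the following Python triage script recognizes the two host indicators described above: the appended '.@KUKANOS.[ID String]' extension and the ransom note file name on the desktop. The page does not document the format of the ID string, so the script assumes it contains no dots or whitespace, and the file names created in demo() are constructed samples.

```python
import os
import re
import tempfile
from collections import Counter

# Extension pattern described above: '.@KUKANOS.' plus a per-victim ID string. The page
# does not document the ID format; assumed here: no dots or whitespace (assumption).
KUKANOS_EXT_RE = re.compile(r"^(?P<original>.+)\.@KUKANOS\.(?P<victim_id>[^.\s]+)$")
RANSOM_NOTE_NAME = "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT"


def parse_encrypted_name(filename):
    """Return (original_name, victim_id) for a KUKANOS-renamed file, else None."""
    m = KUKANOS_EXT_RE.match(filename)
    if m is None:
        return None
    return m.group("original"), m.group("victim_id")


def scan_tree(root):
    """Walk root; return renamed files (path, original, ID), per-ID counts and ransom-note paths."""
    result = {"encrypted": [], "victim_ids": Counter(), "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Compare case-insensitively, as Windows file systems do.
            if name.upper() == RANSOM_NOTE_NAME:
                result["notes"].append(path)
                continue
            parsed = parse_encrypted_name(name)
            if parsed is not None:
                original, victim_id = parsed
                result["encrypted"].append((path, original, victim_id))
                result["victim_ids"][victim_id] += 1
    return result


def demo():
    """Build a constructed sample tree (empty files, invented names and ID) and scan it."""
    sample = ["budget_2023.xlsx.@KUKANOS.A1B2C3D4", "report.pdf.@KUKANOS.A1B2C3D4",
              os.path.join("Desktop", RANSOM_NOTE_NAME),
              os.path.join("Desktop", "photo.jpg.@KUKANOS.A1B2C3D4"),
              "notes.txt", "archive.@KUKANOS"]  # the last two must not be flagged
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Desktop"))
        for rel in sample:
            open(os.path.join(root, rel), "w").close()
        return scan_tree(root)


if __name__ == "__main__":
    r = demo()
    print(len(r["encrypted"]), "renamed files;", dict(r["victim_ids"]), ";", len(r["notes"]), "note(s)")
```

Pointing scan_tree() at a real volume gives responders the victim ID to quote in the incident record and a per-ID file count that shows whether more than one infection is present.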

Ransom Note Details

The note reveals that the cybercriminals behind the KUKANOS Ransomware threat are running a double-extortion scheme. Apart from locking the data of their victims, the hackers also claim to have stolen sensitive corporate information. According to the note, the attackers may have obtained employee details, CVs, SSNs, client data, financial reports, bank statements, and more. If the victims refuse to meet the hackers' demands, the exfiltrated files will be released to the public.

To receive additional details, such as the size of the ransom and how the funds are to be transferred, victims are instructed to initiate contact with the attackers. Apparently, the sooner communication is established, the better the terms of the extortion will be. The note provides two communication channels. One involves sending an email to 'kukanossosanos@onionmail.org.' Alternatively, victims can install the ICQ chat app and message the cybercriminals' ICQ account.

The full text of the KUKANOS ransom note is:

Hello my dear friend

Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them,write to our mail kukanossosanos@onionmail.org
Also you can write ICQ live chat which works 24/7 @KUKANOSSOSANOS
Install ICQ software on your PC hxxps://icq.com/windows/ or on your mobile phone search in Appstore / Google market ICQ
Write to our ICQ @KUKANOSSOSANOS hxxps://icq.im/KUKANOSSOSANOS

Attention!

  • Do not rename encrypted files.
  • Do not try to decrypt your data using third party software, it may cause permanent data loss.
  • We are always ready to cooperate and find the best way to solve your problem.
  • The faster you write, the more favorable the conditions will be for you.
  • Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of them
    We respect your time and waiting for respond from your side
    tell your unique ID:

Sensitive data on your system was DOWNLOADED.
If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.

Data includes:

  • Employees personal data, CVs, DL, SSN.
  • Complete network map including credentials for local and remote services.
  • Private financial information including: clients data, bills, budgets, annual reports, bank statements.
  • Manufacturing documents including: datagrams, schemas, drawings in solidworks format
  • And more…
