
Kuntzware Ransomware

By GoldSparrow in Ransomware

The Kuntzware Ransomware is a threatening ransomware Trojan that is currently still under development. The Kuntzware Ransomware was first observed on an online anti-virus platform, where it had been submitted by its developers. This is a common practice: con artists test whether their ransomware Trojans and other threats can evade detection by established anti-virus programs. The Kuntzware Ransomware was observed in late June in an unfinished version, which carries out an encryption attack but is not yet fully configured. In its current state, the Kuntzware Ransomware is capable of encrypting the victim's files but is not capable of connecting to its Command and Control server or of demanding a ransom effectively. The Kuntzware Ransomware will encrypt all files on an infected computer, including files on external memory devices connected to the computer and in directories shared on a network. One particularly annoying aspect of the Kuntzware Ransomware is that it will also encrypt files hosted on Google Drive, Dropbox, or another cloud platform if the folders are synchronized automatically (which they almost always are).

Another Ransomware Wearing a Mocking Name

The Kuntzware Ransomware's executable file is named 'Kuntz.ext', which is where the Kuntzware Ransomware's name is derived from. The Kuntzware Ransomware uses AES-256 encryption to make the victim's files inaccessible. The Kuntzware Ransomware is meant to connect to a remote Command and Control server to receive instructions and carry out the attack effectively. However, in its current form, it seems that the Kuntzware Ransomware is not yet capable of doing this. The Kuntzware Ransomware marks all files affected in the attack by adding the file extension '.kuntzware' to the end of each affected file's name. The Kuntzware Ransomware targets user-generated files of a variety of types, looking for files associated with commonly used software such as Microsoft Office or Adobe Acrobat, as well as media files such as audio, video and images. One particularly threatening aspect of the Kuntzware Ransomware is that it includes a script that specifically targets files synchronized with the cloud, in an attempt to thwart computer users' ability to recover by using a backup copy on the cloud.

How the Kuntzware Ransomware Attack Works

Some ransomware ends up encrypting data stored on the cloud as a matter of course, because the files it targets happen to be located in synchronized folders. However, the Kuntzware Ransomware goes one step further and includes a script that searches for this content specifically, in an attempt to ensure that the victim has a hard time recovering the affected data, increasing the likelihood of a ransom payment. The Kuntzware Ransomware may be the first ransomware Trojan that specifically targets data synchronized with the cloud in its encryption attack. Since the Kuntzware Ransomware is currently in development, there is no data regarding its ransom note or ransom amount. However, most ransomware Trojans demand ransom payments between $500 and $1500 USD, to be paid in Bitcoin for anonymity.

Protecting Your Computer from the Kuntzware Ransomware and Similar Threats

As with all ransomware Trojans, the best protection against the Kuntzware Ransomware and its variants is to have file backups. However, file backups on free cloud options synchronized with a folder on your computer may not be the best solution, since the Kuntzware Ransomware now targets this content as well. Make sure that your backup is untouchable: either password protected and not synced, or on an external memory device such as a USB drive or external hard drive, which remains apart from the main computer. Fortunately, today it is not expensive for most computer users to ensure that they have file backups. In fact, file backups are as important a part of protecting your computer from threats as security software.
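Because affected files are marked with the '.kuntzware' extension, a backup or synced folder can be checked for that marker before it is trusted for recovery. The following Python sketch is an added example, not part of the original article; the folder names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".kuntzware"  # extension the article says is appended to affected files

def find_marked_files(roots):
    """Yield (root, path, original_name) for each file carrying the marker."""
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue  # skip roots that do not exist on this machine
        # Unreadable directories are skipped rather than aborting the scan.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                if name.lower().endswith(MARKER):
                    yield root, Path(dirpath) / name, name[: -len(MARKER)]

def summarize(roots):
    """Return {root: number of marked files}; clean roots are omitted."""
    counts = Counter()
    for root, _path, _orig in find_marked_files(roots):
        counts[str(root)] += 1
    return dict(counts)

def build_sample_tree(base):
    """Constructed sample: a synced folder with marked files, a clean backup."""
    sync = Path(base) / "Dropbox"          # assumed sync folder name
    backup = Path(base) / "offline_backup"  # assumed offline backup folder
    (sync / "docs").mkdir(parents=True)
    backup.mkdir()
    (sync / "docs" / "report.docx.kuntzware").write_bytes(b"x")
    (sync / "photo.JPG.KUNTZWARE").write_bytes(b"x")
    (sync / "notes.txt").write_bytes(b"x")
    (backup / "report.docx").write_bytes(b"x")
    return sync, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sync, backup = build_sample_tree(tmp)
        for root, path, orig in find_marked_files([sync, backup]):
            print(f"{root.name}: {path.name} (original name: {orig})")
        print(summarize([sync, backup]))
```

A root that appears in the summary should not be treated as a clean backup source; on a real system, pass the actual sync and backup folder paths to `summarize`.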
