
'.kvllyatprotonmaildotch File Extension' Ransomware

By GoldSparrow in Ransomware

The '.kvllyatprotonmaildotch File Extension' Ransomware is an encryption ransomware Trojan first observed on August 28, 2018. The '.kvllyatprotonmaildotch File Extension' Ransomware uses AES and RSA encryption to make the victim's files inaccessible. The '.kvllyatprotonmaildotch File Extension' Ransomware, as with most encryption ransomware Trojans of this type, is commonly delivered to victims by way of malicious email attachments, often in the form of Microsoft Office files with embedded macro scripts that download and install the '.kvllyatprotonmaildotch File Extension' Ransomware on the infected computer.

How the '.kvllyatprotonmaildotch File Extension' Ransomware Carries Out Its Attack

The '.kvllyatprotonmaildotch File Extension' Ransomware targets the user-generated files in its attack, which may include numerous media files, documents, databases, and various other file types. The file types that are typically compromised in encryption ransomware attacks similar to the '.kvllyatprotonmaildotch File Extension' Ransomware include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.kvllyatprotonmaildotch File Extension' Ransomware uses an encryption method that makes the damaged files easy to recognize since the '.kvllyatprotonmaildotch File Extension' Ransomware will add the file extension '.kvllyatprotonmaildotch' to each file compromised by the '.kvllyatprotonmaildotch File Extension' Ransomware infection.

How Criminals may Profit from a '.kvllyatprotonmaildotch File Extension' Ransomware Infection

Once the '.kvllyatprotonmaildotch File Extension' Ransomware has finished encrypting the victim's files, the '.kvllyatprotonmaildotch File Extension' Ransomware delivers a ransom note. This ransom note is presented in the form of an HTML file dropped on the infected computer's desktop and in several other locations on the infected PC. The '.kvllyatprotonmaildotch File Extension' Ransomware ransom note is named 'READ_TO_DECRYPT.html' and displays the following ransom message on the infected PC:

'YOUR FILES HAVE BEEN ENCRYPTED USING A
STRONG AES-256 ALGORITHM.

YOUR IDENTIFICATION IS
[32 chars long hex string]

SEND 0.02 BTC TO THE FOLLOWING WALLET
1Lqe4XsfHBQ2YtA91k9nTWJWNev4JkPXqo

AND AFTER PAY CONTACT kvlly@protonmail.ch
SENDING YOUR IDENTIFICATION TO RECOVER
THE KEY NECESSARY TO DECRYPT YOUR FILES
IF YOU CAN'T PAY WITH BTC EMAIL ME, AND MAYBE WE CAN WORK SOMETHING OUT!
ALSO I CAN HELP YOU SECURE YOUR SERVER SO YOU DONT GET HACEKD ANYMORE! 🙂
GREETINGS,KVLLY!'

This is how threats like the '.kvllyatprotonmaildotch File Extension' Ransomware are monetized. Criminals make a profit from the ransom payments from the victims of the '.kvllyatprotonmaildotch File Extension' Ransomware. Because of this, the victims should refrain from paying the '.kvllyatprotonmaildotch File Extension' Ransomware ransom or contacting the criminals by following the instructions in the '.kvllyatprotonmaildotch File Extension' Ransomware ransom note. Rather than paying the '.kvllyatprotonmaildotch File Extension' Ransomware ransom, they should take measures to prevent these attacks and limit their damage. The best thing you can do to stay safe from threats like the '.kvllyatprotonmaildotch File Extension' Ransomware is to have file backups stored on the cloud or an external memory device.
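The indicators described above (the appended '.kvllyatprotonmaildotch' extension, the 'READ_TO_DECRYPT.html' note and the 32-character hex identification it contains) are enough to measure how far an infection reached before restoring from backup. The following triage script is an added example, not code from the original article; the sample tree, the note's HTML markup and the identification value are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

ENC_EXT = ".kvllyatprotonmaildotch"   # extension appended to encrypted files (from the page)
NOTE_NAME = "READ_TO_DECRYPT.html"    # ransom note file name (from the page)
ID_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")  # "32 chars long hex string" in the note

def triage(root):
    """Walk root and summarise the indicators described in the article."""
    report = {"encrypted": [], "notes": [], "ids": set(), "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENC_EXT) and len(name) > len(ENC_EXT):
                # The original name is whatever precedes the appended extension.
                report["encrypted"].append((path, name[:-len(ENC_EXT)]))
                report["by_dir"][dirpath] += 1
            elif lower == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)  # notes are small; cap the read
                except OSError:
                    continue  # unreadable note is still recorded by path
                report["ids"].update(m.lower() for m in ID_RE.findall(text))
    return report

def build_sample(root):
    """Constructed sample tree; markup and identification value are made up."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("budget.xlsx" + ENC_EXT, "photo.JPG" + ENC_EXT.upper(), "clean.txt"):
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)
    note = ("<html><body>YOUR IDENTIFICATION IS<br>"
            "00112233445566778899AABBCCDDEEFF<br>"
            "SEND 0.02 BTC TO THE FOLLOWING WALLET</body></html>")
    with open(os.path.join(root, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write(note)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        r = triage(tmp)
        print(len(r["encrypted"]), "encrypted files;", len(r["notes"]), "note(s)")
        print("identification values:", sorted(r["ids"]))
        for d, n in r["by_dir"].most_common():
            print(f"{n:5d}  {d}")
```

The per-directory counts show which shares or profiles were hit, and the recovered original names give a restore list to check against backups.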
