
AngryKite Ransomware

Posted: April 3, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 4
First Seen: April 3, 2017
OS(es) Affected: Windows


The AngryKite Ransomware is an updated version of the KRider Ransomware, which uses an AES cipher to lock your files. The AngryKite Ransomware variant of this program also drops fake technical support messages to trick the victim into paying money for a decryption solution that the threat actor is unlikely to provide. Refrain from paying these ransoms; use anti-malware products to delete the AngryKite Ransomware and backups to keep any files from being locked permanently.

March Trojans Flying High as Kites in April

In its early stages, the KRider Ransomware campaign was a curiosity for lacking any extortion-related components, such as ransom messages or e-mail links. Threat actors with access to the Trojan's code are filling in that missing piece of the project and supplementing the ransom demand with a social engineering tactic. In its newest form, the Trojan uses the name AngryKite Ransomware and is distributed with fake file data implying that it's a 2016-developed, Microsoft-affiliated application.

The AngryKite Ransomware still uses AES-based encryption to lock your files. The files that the AngryKite Ransomware locks are detectable by their overwritten names and appended '.NumberDot' extensions, and can include over a hundred formats of data. However, malware experts find the most interesting component of the AngryKite Ransomware in its last symptom, the pop-up window that it deploys to collect its ransoms.

The AngryKite Ransomware displays a window masquerading as a security alert from unspecified software, claiming that your PC is under attack by a combination of rootkits and spyware (both of which are high-level threats capable of taking control over the PC or collecting confidential information). The window shows a fake technical support hotline and asks you to call it to prevent any further damage. This hoax allows the AngryKite Ransomware's threat actors to collect ransom money while pretending to help you disinfect your computer or recover your encrypted files.

Calming the Winds of Trojan Hoaxes

The new 'plot twist' in the KRider Ransomware story may emphasize additional layers of deceptive marketing, but the AngryKite Ransomware is, internally, little changed from its ancestor. Malware experts advise against paying the AngryKite Ransomware's threat actors any fees they demand, especially since the Trojan is based on threats that do not explicitly save the required decryption information. However, preliminary investigations within the anti-malware industry suggest that researchers will be able to provide file-unlocking services for the AngryKite Ransomware for free.

Because the AngryKite Ransomware has only recently been verified as being in distribution, malware experts have yet to cover all of its installation exploits. Freely downloaded software bundles, mislabeled e-mail attachments, website script exploits and RDP hacking attacks are some of the currently popular methods of circulating encryption-based threats. Use anti-malware products, when possible, to delete the AngryKite Ransomware before it starts scanning your files, or isolate it for further analysis and decryption afterward.

To get ransom money, it may not be enough to take away a victim's digital belongings. Con artists may use false information, as with the AngryKite Ransomware's attacks, to push their victims toward the desired course of action. However, an extortionist-recommended solution is rarely in your best interest, and you should always look on it as your final resort.
