
CryptoKill Ransomware

Posted: February 13, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 59
First Seen: February 13, 2017
OS(es) Affected: Windows

The CryptoKill Ransomware is a new version of the Hidden Tear Trojan that uses an AES algorithm to encipher and block your files. Since its authors failed to provide a mechanism for saving the decryption key, victims are unable to unlock their data, even if they do pay the ransom. Use anti-malware programs to stop the CryptoKill Ransomware's installation whenever possible and save backups to keep its attacks from making your files irretrievable.

A Plan to Ransom at a Higher Cost than You'd Assume

With file encryption now a popular way of holding data for ransom, victims can forget that not every threat actor honors the payments they take. For some Trojan operators, the simplicity of taking the money and running outweighs the poor reputation that such a history gives their campaign. That history is especially irrelevant for Trojans like the CryptoKill Ransomware, a derivative of the widely-reused Hidden Tear project.

Hidden Tear is an 'educational' file-encrypting project, released to inform programmers about the risks and challenges of ransomware. However, many con artists happily 'borrow' its code to deliver new Trojans to the public in live attacks. The CryptoKill Ransomware, like other Hidden Tear variants, uses an AES cipher to encode files such as documents, archives or photos, rendering them unreadable.

The CryptoKill Ransomware appends the '.crypto' extension to flag every file it locks and, like most Hidden Tear Trojans, delivers its final ransom request through a Notepad text file. The note asks for payment to restore your encoded data, but malware analysts confirm that the CryptoKill Ransomware doesn't save the decryption key it needs for that. As a direct result, even the Trojan's author can't decrypt your files, and any payment you might make is entirely in vain.
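A triage helper added here for responders (not code from the write-up or from the Hidden Tear project): it inventories files carrying the '.crypto' extension under a directory tree and uses byte entropy to confirm that each one actually looks ciphered rather than merely renamed. The sample tree, the 7.0 bits/byte threshold and the zero-length edge case are constructed assumptions for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List

# Extension the CryptoKill Ransomware appends to the files it encrypts (from the write-up).
CRYPTO_EXT = ".crypto"
# Assumption: AES output is close to uniformly random, so its entropy sits near 8 bits/byte.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_for_crypto(root: str, sample_bytes: int = 4096) -> List[Dict]:
    """Walk `root`, report every '.crypto' file and flag those whose leading bytes look encrypted."""
    hits = []
    for path in Path(root).rglob(f"*{CRYPTO_EXT}"):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(sample_bytes)
        ent = shannon_entropy(head)
        hits.append({
            "path": str(path),
            "original_name": path.name[: -len(CRYPTO_EXT)],  # name before the Trojan renamed it
            "size": path.stat().st_size,
            "entropy": round(ent, 2),
            "looks_encrypted": ent >= HIGH_ENTROPY,
        })
    return sorted(hits, key=lambda h: h["path"])


def build_sample_tree() -> str:
    """Constructed sample data, not a real infection: one untouched document and two '.crypto' files."""
    root = tempfile.mkdtemp(prefix="cryptokill_demo_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "notes.txt").write_bytes(b"quarterly notes, plain text\n" * 20)
    (docs / "report.docx.crypto").write_bytes(os.urandom(4096))  # stands in for AES ciphertext
    (docs / "empty.jpg.crypto").write_bytes(b"")                  # zero-length edge case
    return root


if __name__ == "__main__":
    for hit in scan_for_crypto(build_sample_tree()):
        print(hit)
```

A '.crypto' file that reports low entropy was renamed but not (fully) enciphered, which is worth noting before any recovery attempt with public Hidden Tear decryptors.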

Killing a Trojan's Dishonest Plans for Profiteering

Trojans that go back on their word aren't as uncommon as malware experts would prefer; similar betrayals have been recorded with threats like the Batman_good@aol.com Ransomware. Cryptocurrencies like Bitcoin also let con artists withhold any decryption help without losing revenue. The prevalence of Trojans like the CryptoKill Ransomware illustrates one of the most serious risks of rewarding an extortionist for compromising your PC.

Although success rates vary, victims can attempt to decrypt their locked data with public Hidden Tear decryptors. Any content of value should always be backed up to a location less at risk of compromise by Trojans like the CryptoKill Ransomware, such as a detachable hard drive or a Web server. The vast majority of threats in this category automatically delete the default Windows backups and may also compromise any other drives they can reach through network-mapped shares.

Most well-designed anti-malware products should find removing the CryptoKill Ransomware a minimal obstacle. However, once it attacks, the file-locking damage this Trojan causes may not be fixable, which once again raises the value of preemptive safety steps.

Technical Details

File System Modifications


The following files were created in the system:

File name: file.exe
Size: 28.67 KB (28672 bytes)
MD5: 63cc40d12e49ffb507d91af8f7a6f082
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 14, 2017