Kampret Ransomware
Kampret Ransomware Description
The Kampret Ransomware is a Trojan that can block your files by encrypting them with AES. Its payload also creates messages asking you to pay Bitcoins to unlock your content, although malware analysts recommend using other, well-established data recovery solutions. Industry-standardized anti-malware protection should account for most infection vectors this threat is likely to use and remove the Kampret Ransomware without letting it encrypt the contents of your PC.
Just a Branch of Hidden Tear Sucking out Your Money
Although Utku Sen's Hidden Tear software isn't one of the most sophisticated file-encrypting Trojans to date, con artists make frequent use of it simply because it is so widely available. Originally owing its existence to educational motives, Hidden Tear is now one of the larger families of file-encoding threats, with its code being hijacked by different teams of con artists. The Kampret Ransomware is only one of the latest samples of Hidden Tear to come across malware experts' radar.
The Kampret Ransomware's name translates literally to 'bat' in Indonesian, although slang usage also re-purposes the word into an epithet. Despite the name its author chose for it, the Kampret Ransomware communicates with any victims with English-based messages. However, any text is visible only after the Trojan finishes damaging your local media for the purpose of holding it up for ransom.
The Kampret Ransomware encrypts your local files, such as text documents, with the same AES-based ciphers that other variants of Hidden Tear use. The threat actor has also changed the extension that the Kampret Ransomware appends to encrypted filenames to '.lockednikampret', which is custom to this Trojan.
Once it's blocked any files, the Kampret Ransomware places a Notepad message on the user's desktop, communicating its ransom demands for 0.5 Bitcoin and providing an e-mail address for any negotiation by the victim. This payment converts to roughly six hundred USD and, once paid, can't be refunded without the threat actor's permission even if he doesn't provide a means of unlocking your encoded data.
Sending the Kampret Ransomware Back Off into the Night
The Kampret Ransomware operates under the hope that victims will not have backups to recover their encrypted content, but it may also delete the Windows Shadow Copies or other local data recovery options. Because paying con artists for their decryption software or key always has the potential of backfiring, anyone needing to unlock their files should first try using free Hidden Tear-based decryptors. External backups are still the strategy malware analysts can most endorse unreservedly for stopping file-encrypting threats like the Kampret Ransomware from inflicting long-lasting damage.
Because the Kampret Ransomware's campaign is new, little information is available for determining how it's distributing itself publicly. However, malware experts do confirm that some of the Kampret Ransomware executables are using fake extensions, with names implying that they're temporary files associated with the Facebook Web service. Con artists could propagate them with exploit kits in corrupted advertising content or a hacked site, bundle them into an unrelated download, or attach them to spam e-mails.
Anyone invested even trivially in the data saved on their PC should consider investing in both proven backup solutions and anti-malware products for eliminating the Kampret Ransomware before it can begin its encryption attacks. Waiting for symptoms to appear often makes it too late to recover the files that are already being held hostage by Bitcoin-hungry perpetrators.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 212.99 KB (212992 bytes)
MD5: daec76876c0629356c17a7fecd0045ca
Detection count: 47
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: April 12, 2017
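A triage sketch for scoping an incident with the indicators on this page (added example, not part of the original write-up): it counts files carrying the '.lockednikampret' extension and flags any file whose size and MD5 match the listed file.exe. The function names and the md5/size parameters are assumptions of this example, and a hash match identifies only this one sample, not other builds of the Trojan.

```python
import hashlib
import os
import sys

ENCRYPTED_EXT = ".lockednikampret"               # extension named on this page
KNOWN_MD5 = "daec76876c0629356c17a7fecd0045ca"   # MD5 listed for file.exe on this page
KNOWN_SIZE = 212992                              # size in bytes listed for file.exe


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, md5=KNOWN_MD5, size=KNOWN_SIZE):
    """Return (encrypted_files, sample_matches) found under root."""
    encrypted, matches = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                continue
            try:
                # Size pre-filter: only hash files as large as the listed sample.
                if os.path.getsize(path) == size and md5_of(path) == md5:
                    matches.append(path)
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
    return sorted(encrypted), sorted(matches)


if __name__ == "__main__":
    locked, samples = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(locked)} file(s) ending in {ENCRYPTED_EXT}")
    for p in samples:
        print("matches listed sample:", p)
```

Run it against a mounted image or a backup copy of the affected volume rather than the live system, so the scan itself does not alter file timestamps needed for later analysis.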