Kampret Ransomware
Posted: April 12, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 66 |
| First Seen: | April 12, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The Kampret Ransomware is a Trojan that can block your files by encoding them with the AES encryption. Its payload also creates messages asking for you to pay Bitcoins to unlock your content, although malware analysts recommend using other, well-established data recovery solutions. Industry-standardized anti-malware protection should account for most infection vectors this threat is likely to use and remove the Kampret Ransomware without letting it encrypt the contents of your PC.
Just a Branch of Hidden Tear Sucking out Your Money
Although Utku Sen's Hidden Tear software isn't one of the most sophisticated file-encrypting Trojans to date, con artists do make frequent use of it for the simple reason of its sheer, widespread availability. Originally owing its existence to educational motives, Hidden Tear is now one of the larger families of file-encoding threats, with its code being hijacked by different teams of on artists. The Kampret Ransomware is only one of the latest samples of Hidden Tear to come across malware experts' radar.
The Kampret Ransomware's name translates literally to 'bat' in Indonesian, although slang usage also re-purposes the word into an epithet. Despite the name its author chose for it, the Kampret Ransomware communicates with any victims with English-based messages. However, any text is visible only after the Trojan finishes damaging your local media for the purpose of holding it up for ransom.
The Kampret Ransomware encrypts your local files, such as text documents, with the same AES-based ciphers that other variants of Hidden Tear use. The threat actor also has reset the new extension that the Kampret Ransomware adds to the end of any encrypted filenames to '.lockednikampret,' which is custom to this Trojan.
Once it's blocked any files, the Kampret Ransomware places a Notepad message on the user's desktop, communicating its ransom demands for 0.5 Bitcoin and providing an e-mail address for any negotiation by the victim. This payment converts to roughly six hundred USD and, once paid, can't be refunded without the threat actor's permission even if he doesn't provide a means of unlocking your encoded data.
Sending the Kampret Ransomware Back Off into the Night
The Kampret Ransomware operates under the hope that any victims will not have backups to recover their encrypted content, but it also may delete the Windows Shadow Copies, or other, local data recovery options. Because paying con artists for their decryption software or key always has the potential of backfiring, anyone needing to unlock their files should, first, try using free Hidden Tear-based decryptors. External backups still are the strategy malware analysts can most endorse unreservedly for stopping file-encrypting threats like the Kampret Ransomware from inflicting long-lasting damage.
Because the Kampret Ransomware's campaign is new, little information is available for determining how it's distributing itself publicly. However, malware experts do confirm that some of the Kampret Ransomware executables are using fake extensions, with names implying that they're temporary files associated with the Facebook Web service. Con artists could propagate them with exploit kits in corrupted advertising content or a hacked site, bundle them into an unrelated download, or attach them to spam e-mails.
Anyone invested even trivially into the saved data on their PC should consider investing in both proven backup solutions and anti-malware products for eliminating the Kampret Ransomware before it can begin its encryption attacks. Waiting for symptom problems to appear often makes it too late to recover the files that are already being held hostage by Bitcoin-hungry perpetrators.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.