Kasiski Ransomware

Posted: February 20, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 87

Kasiski Ransomware Description

The Kasiski Ransomware is a Trojan that can lock your files with encryption ciphering, hijack your desktop's background, and create extortionist messages through text. This threat causes file damage that may not be reversible, whether or not you pay its ransoms, and malware experts advise making regular backups as a precaution against attacks of this type. Update your anti-malware solutions and use them to scan new files routinely to delete the Kasiski Ransomware without it having an opportunity to lock any of your media.

The Five Hundred Dollar File Problem

With threat actors using flexible methods of extorting money through threatening software, specializing in different victims, and using entire ranges of encryption ciphers, there also is a substantial variety in how they collect their revenue. In general, attacks against personal-use computers, as opposed to government, business or NGO networks, are less expensive than ones against entities with larger financial resources. However, some Trojans, like the Kasiski Ransomware, continue implementing attacks with comparatively expensive costs to the victims.

The Kasiski Ransomware drops components customized for Spanish-speaking regions, with no English variants that malware analysts see, so far. Unlike most file-encoding Trojans, the Kasiski Ransomware also is designed for 64 bit-based Windows environments specifically, and users running 32-bit operating systems may be immune to the intended payloads of current samples.

Other aspects of the Kasiski Ransomware's attacks are well within the models pioneered by campaigns like those for Hidden Tear and the Crysis Ransomware:

  • The Kasiski Ransomware replaces the desktop wallpaper with a custom JPG, which serves to redirect you to its ransom note (see below) solely.
  • The second file that the Kasiski Ransomware drops is a Notepad TXT message containing more relevant information on paying its fee to reverse all of the damages from the rest of its payload. With demands of five hundred USD equivalent, the Kasiski Ransomware is one of the more expensive casual user-targeting Trojans that malware researchers are noting for early 2017.
  • The Kasiski Ransomware also includes an encryption feature to encipher and lock your media, such as PDF, DOC or XLS files. This attack blocks the opening of these files until you decrypt them and provides the motivation for making the payment. Although the Kasiski Ransomware doesn't add new extensions to these files, it does prepend the tag [KASISKI] to them.

Stopping Unnecessary Expenses for the Start of the Year

Many file-encoding threats disseminate themselves through executable that is under a megabyte, which allows them to disguise themselves as documents or other, equally safe kinds of content. The Kasiski Ransomware is moderately unusual for having an observable size of fourteen MB currently. However, industry-wide detection rates against this new threat are much lower than ideal, and your security software may require being updated to detect the file as being a threat to your PC. The Kasiski Ransomware does not appear to belong to any of the old families of extortionist threats such as the Shade Ransomware.

Malware experts can track evidence of the Kasiski Ransomware's spreading back to late February, with limited data points on its distribution models. Threat actors could install the Kasiski Ransomware manually by hacking systems with brute force-vulnerable passwords but are more likely to use Exploit Kits, e-mail attachments or disguised torrents. Since decryption often is unavailable, even for PC users who choose to pay, having anti-malware protection for blocking the Kasiski Ransomware on sight, or stringent backup strategies, are the only guaranteed ways of keeping any file damage from occurring.

The Kasiski Ransomware may be a sign that threat authors are becoming more interested in getting larger ransoms, even from PC users with limited budgets. Since backup solutions are available to anyone for free, paying a five hundred dollar price for slothful file-saving behavior isn't a lifestyle malware analysts can endorse.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kasiski Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Kasiski Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.