
Katafrack Ransomware

Posted: November 23, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 65
First Seen: November 4, 2021
OS(es) Affected: Windows

The Katafrack Ransomware is a new version of the Ordinal Ransomware branch of Hidden Tear, a Trojan that locks the media-related files on your PC by encrypting them. Current releases of the Katafrack Ransomware don't utilize Hidden Tear's file-blocking feature, but updates to the threat could change that evaluation with a minimum of effort. Having backups can secure your data from Trojans of this type, and many anti-malware products can delete the Katafrack Ransomware and other variations of Hidden Tear.

The People Who Play with a Series of Not-Very-Hidden Tears

A slightly unusual, probably in-progress version of Hidden Tear is being captured and examined thanks to centralized threat-analysis databases. This new form of Utku Sen's file-locking Trojan is a close relative of the Ordinal Ransomware but also demonstrates markedly different behavior from its progenitor. As of this article's date of authorship, the Trojan, the Katafrack Ransomware, omits any attempt at blocking the victim's files and is a security risk primarily because of its interface-blocking ransom note.

The earlier versions of the Ordinal Ransomware carried over Hidden Tear's ability to block files, along with modifying the extensions in the names of that content. While the Katafrack Ransomware does claim to be capable of encrypting content so that it no longer opens in any related program, it currently does not perform any such attack or make other modifications to the user's media, such as renaming files or deleting backups. However, malware experts can confirm two variants of the Katafrack Ransomware that carry pop-up attacks including all of the standard warnings and instructions of a file-locking Trojan's campaign.

The Katafrack Ransomware generates a non-interactive HTML window with no border, which takes focus away from other programs (but does not 'lock' the entire screen). This pop-up delivers ransom demands for Bitcoins or the Ethereum cryptocurrency, which the threat actors claim will purchase the decryption key and program for unlocking your files. Malware analysts also identify a related Notepad message from the Katafrack Ransomware containing essential transactional data, such as the cybercrook's e-mail, wallet links and the client's ID.

Subtracting the Newest Ordinal Ransomware from Your Series of Problems

Although the Katafrack Ransomware's branch of Hidden Tear is significant for including additional defenses against threat-analysis software like Wireshark, this protection doesn't make the Katafrack Ransomware any more capable than usual of avoiding traditional anti-malware solutions. Most AV security products identify the Katafrack Ransomware at the same rates as other versions of Hidden Tear, which has little code obfuscation or protection against being deleted by third-party tools. However, the Katafrack Ransomware's campaign is too new for malware experts to correlate any firm evidence about its infection strategies, which could include e-mail attachments, torrents, exploit kits or brute-force attacks.

Even if the Katafrack Ransomware currently doesn't include attack features against your files, updates to this Trojan would require few changes to render such a function active. Always backing up your media to another device that's at little to no risk of infection can prevent file-locking Trojans from holding it hostage. Free decryption also is often possible with Hidden Tear-based threats, and most anti-malware programs may uninstall the Katafrack Ransomware and interrupt its payload.

Right now, the Katafrack Ransomware 'only' prevents victims from viewing the rest of their screen until they take additional steps to terminate the Trojan's active process. While even this attack is a security issue, it is also just the start of what's likely to turn into a real attempt at blocking files for illicit funds.
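The borderless, focus-stealing pop-up described above is what a responder has to trace back to a process before terminating it. The PowerShell snippet below is an added triage helper, not code from this article or from any analysis of the Trojan: it lists visible top-level windows that lack a caption or sizing frame and the process behind each, flagging the one holding foreground focus. The window-style constants are the documented Win32 values; the variable and class names are this example's own.

```powershell
# Added triage helper (not from the article): list visible top-level windows that
# lack a caption or sizing frame, as the pop-up is described, with the owning
# process, so a responder can see which process to terminate.
Add-Type @"
using System;
using System.Runtime.InteropServices;
public static class Win32 {
    public delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);
    [DllImport("user32.dll")] public static extern bool EnumWindows(EnumWindowsProc cb, IntPtr lParam);
    [DllImport("user32.dll")] public static extern bool IsWindowVisible(IntPtr hWnd);
    [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow();
    [DllImport("user32.dll")] public static extern int GetWindowLong(IntPtr hWnd, int nIndex);
    [DllImport("user32.dll")] public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint pid);
}
"@
# Documented Win32 window-style constants
$GWL_STYLE = -16; $GWL_EXSTYLE = -20
$WS_CAPTION = 0x00C00000; $WS_THICKFRAME = 0x00040000; $WS_EX_TOPMOST = 0x00000008

$foreground = [Win32]::GetForegroundWindow()
$found = New-Object System.Collections.Generic.List[object]
$callback = [Win32+EnumWindowsProc]{
    param([IntPtr]$hWnd, [IntPtr]$lParam)
    if (-not [Win32]::IsWindowVisible($hWnd)) { return $true }   # $true = keep enumerating
    $style = [Win32]::GetWindowLong($hWnd, $GWL_STYLE)
    if (($style -band $WS_CAPTION) -or ($style -band $WS_THICKFRAME)) { return $true }
    $exStyle = [Win32]::GetWindowLong($hWnd, $GWL_EXSTYLE)
    [uint32]$ownerPid = 0
    [void][Win32]::GetWindowThreadProcessId($hWnd, [ref]$ownerPid)
    $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
    $found.Add([pscustomobject]@{
        HasFocus = ($hWnd -eq $foreground)
        TopMost  = [bool]($exStyle -band $WS_EX_TOPMOST)
        PID      = $ownerPid
        Process  = $(if ($proc) { $proc.ProcessName } else { '?' })
        Path     = $(if ($proc) { $proc.Path } else { '?' })
    })
    return $true
}
[void][Win32]::EnumWindows($callback, [IntPtr]::Zero)
# Focused and always-on-top borderless windows first. The shell's own "Program
# Manager" and UWP host windows also match and are expected noise.
$found | Sort-Object HasFocus, TopMost -Descending | Format-Table -AutoSize
```

Run it from a console that still has keyboard focus (or a remote PowerShell session), since the pop-up itself is the window taking focus on the victim's desktop.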
