Katafrack Ransomware

Posted: November 23, 2017

Katafrack Ransomware Description

The Katafrack Ransomware is a new version of the Ordinal Ransomware branch of Hidden Tear, a Trojan that locks the media-related files on your PC by encrypting them. Current releases of the Katafrack Ransomware don't utilize Hidden Tear's file-blocking feature, but updates to the threat could change that evaluation with a minimum of effort. Having backups can secure your data from Trojans of this type, and many anti-malware products can delete the Katafrack Ransomware and other variations of Hidden Tear.

The People Who Play with a Series of Not-Very-Hidden Tears

A slightly unusual, probably in-progress version of Hidden Tear is being captured and examined thanks to centralized threat-analysis databases. This new form of Utku Sen's file-locking Trojan is a close relative of the Ordinal Ransomware but also demonstrates markedly different behavior from its progenitor. As of this article's date of authorship, the Trojan, the Katafrack Ransomware, omits any attempts at blocking the victim's files and is a security risk primarily due to its interface-blocking ransom note.

The earlier versions of Ordinal Ransomware carried over Hidden Tear's ability to block files, along with modifying the extensions in the names of this content. While the Katafrack Ransomware does claim to be capable of encrypting content so that it cannot be opened in any related program, it does not currently leverage any such attacks or make other modifications to the user's media, such as changing their names or deleting backups. However, malware experts can confirm two variants of the Katafrack Ransomware conveying pop-up attacks that include all of the standard warnings and instructions of a file-locking Trojan's campaign.

The Katafrack Ransomware generates a non-interactive HTML window with no border, which takes away focus from other programs (but does not 'lock' the entire screen). This pop-up delivers ransom demands for Bitcoins or the Ethereum cryptocurrency, which the threat actors claim will purchase the decryption key and program for unlocking your files. Malware analysts also identify a related Notepad message from the Katafrack Ransomware containing essential transactional data, such as the cybercrook's e-mail, wallet links and the client's ID.

Subtracting the Newest Ordinal Ransomware from Your Series of Problems

Although the Katafrack Ransomware's branch of Hidden Tear is significant for including additional defenses against threat-analysis software like Wireshark, this protection doesn't equate to the Katafrack Ransomware's being more capable than usual of avoiding traditional anti-malware solutions. Most AV security products identify the Katafrack Ransomware at the same rates as other versions of Hidden Tear, which has little code obfuscation or protection from being deleted via third-party tools. However, the Katafrack Ransomware's campaign is too new for malware experts to correlate any firm evidence associated with its infection strategies, which could include e-mail attachments, torrents, exploit kits or brute-force attacks.

Even though the Katafrack Ransomware currently doesn't include attack features against your files, updating this Trojan to activate such a function would require few changes. Always backing up your media to another device that's in little to no risk of infection can prevent file-locking Trojans from holding them hostage. Free decryption is also often possible with Hidden Tear-based threats, and most anti-malware programs may uninstall the Katafrack Ransomware and interrupt its payload.

Right now, the Katafrack Ransomware 'only' prevents the victims from viewing all of their screens until they take additional steps to terminate the Trojan's active process. While even this attack is a security issue, it also is just the start of what's likely to turn into a real attempt at blocking files for illicit funds.

