
Kee Ransomware

Posted: May 17, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 85
First Seen: May 17, 2017
OS(es) Affected: Windows

The Kee Ransomware is a Trojan that encrypts files with an AES routine without giving its victims any means of acquiring a decryption solution. These attacks may corrupt your data permanently and are particularly likely to target content such as documents, spreadsheets and pictures. However, some anti-malware products may block and remove the Kee Ransomware before its encryption triggers.

Trojans Peddling False Hope to Those They Hurt

Out of the many possible revisions to Utku Sen's Hidden Tear, con artists introduce almost all of them to the public with the hope of making money via extortion. However, a new threat's campaign eschews the usual process of 'selling' its decryptor but still encrypts the PC's files. This new Trojan, the Kee Ransomware, offers no decryption features and even includes additional features for causing more damage after it locks your files.

This suspected variant of Hidden Tear includes the following features in its payload:

  • An encryption attack using an AES algorithm encodes your files, locking content such as documents, and adds the '@kee' string onto every extension.
  • Three different methods of displaying its warning messages via desktop wallpaper hijackings, interactive pop-up windows and text files. All of them announce the previous attack's occurrence, and the pop-up also includes a live countdown.

Strangely, although the Kee Ransomware doesn't offer a ransoming method for its decryptor, a brief concluding statement in its notes implies that the victim could, in theory, decrypt their files after searching their hard drive for the correct key. Malware experts see no evidence of the Kee Ransomware leaving this critical data exposed for the victim's use, meaning that this 'scavenger hunt' likely is undertaken in vain.

Also of note is the Kee Ransomware's file-deleting feature, which triggers after the infected PC reboots.

The Actual Key to Solving the Kee Ransomware's Unsolvable Puzzle

Any users who need to restart their PCs without disabling the Kee Ransomware first should search for the 'killsw32l.dll' file and remove it, which will prevent the launch of this Trojan's deletion feature. However, decryption appears to be impossible without further assistance from third-party anti-malware researchers. The danger this threat represents to any locally-stored data causes malware experts to recommend backing up your files to other locations, such as USB drives, for later restoration in the event of a Kee Ransomware attack.

The Kee Ransomware's possible ancestry with Hidden Tear is suspected but not yet confirmed, and samples of this threat and encrypted content may be invaluable to the anti-malware industry. PC users can watch traditional infection vectors like e-mail spam and corrupted websites for possible attempts to compromise their PC with this Trojan or other file-encrypting threats like it. While no traditional anti-malware product comes bundled with decryption functions for unlocking your files, they may remove the Kee Ransomware either before or after its installation.

The Kee Ransomware is a throwback to the days of Trojans, viruses and other corrupted software causing damage for damage's sake. Whether a threat author has profit or pain on his mind, however, the results are file loss and security problems for the user at the other end.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%USERPROFILE%\Desktop\file.exe
File name: file.exe
Size: 3.61 MB (3619328 bytes)
MD5: 62c2aaf974ea6d5ff2c1af56fa4afe86
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Desktop
Group: Malware file
Last Updated: May 18, 2017
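
The three indicators this page gives (the '@kee' string on encrypted files, the 'killsw32l.dll' file, and the MD5 listed for file.exe) can be checked with a read-only sweep. The script below is an added example, not code from this page or from any anti-malware product; it assumes '@kee' is the trailing part of an encrypted file's name, and the sample tree it builds is constructed from empty placeholder files.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page.
MARKER = "@kee"                  # string added onto encrypted files' extensions
KILL_DLL = "killsw32l.dll"       # file tied to the post-reboot deletion feature
DROPPER_MD5 = "62c2aaf974ea6d5ff2c1af56fa4afe86"  # MD5 listed for file.exe


def md5_of(path, chunk=1 << 20):
    """Hash in chunks so a multi-megabyte executable is not loaded at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Read-only sweep of root; returns matching paths grouped by indicator."""
    hits = {"encrypted": [], "kill_dll": [], "dropper": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, low = os.path.join(dirpath, name), name.lower()
            if low.endswith(MARKER):   # assumption: marker ends the file name
                hits["encrypted"].append(path)
            elif low == KILL_DLL:
                hits["kill_dll"].append(path)
            elif low.endswith(".exe"):
                try:
                    if md5_of(path) == DROPPER_MD5:
                        hits["dropper"].append(path)
                except OSError:
                    pass               # locked or unreadable: keep sweeping
    return hits


def build_sample(root):
    """Constructed test tree (empty placeholder files, no real samples)."""
    os.makedirs(os.path.join(root, "docs", "sys"))
    for rel in ("docs/report.docx@kee", "docs/notes.txt",
                "docs/sys/KillSw32L.DLL", "docs/tool.exe"):
        open(os.path.join(root, *rel.split("/")), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, paths in triage(tmp).items():
            print(kind, [os.path.relpath(p, tmp) for p in paths])
```

The sweep only reports; a path under "kill_dll" is the file this page says to remove before the PC is restarted.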
