Kee Ransomware Description
The Kee Ransomware is a Trojan that modifies files with an AES enciphering routine without providing its victims with any means of acquiring a decryption solution. These attacks may corrupt your data permanently and are particularly likely to target content such as documents, spreadsheets and pictures. However, some anti-malware products may block and remove the Kee Ransomware without its encryption triggering.
Trojans Peddling False Hope to Those They Hurt
Con artists introduce almost all of the many possible revisions to Utku Sen's Hidden Tear to the public with the hope of making money via extortion. However, a new threat's campaign eschews the usual process of 'selling' its decryptor but still encrypts the PC's files. This new Trojan, the Kee Ransomware, offers no decryption features and even includes additional features for causing more damage after it locks your files.
This suspected variant of Hidden Tear includes the following features in its payload:
- An encryption attack using an AES algorithm encodes your files, locking content such as documents, and adds the '@kee' string onto every extension.
- Three different methods of displaying its warning messages via desktop wallpaper hijackings, interactive pop-up windows and text files. All of them announce the previous attack's occurrence, and the pop-up also includes a live countdown.
Strangely, although the Kee Ransomware doesn't offer a ransoming method for its decryptor, a brief concluding statement in its notes implies that the victim could, in theory, decrypt their files after searching their hard drive for the correct key. Malware experts see no evidence of the Kee Ransomware leaving this critical data exposed for the victim's use, meaning that this 'scavenger hunt' is likely undertaken in vain.
Also of note is the Kee Ransomware's file-deleting feature, which triggers after the infected PC reboots.
The Actual Key to Solving the Kee Ransomware's Unsolvable Puzzle
Any users who need to restart their PCs without disabling the Kee Ransomware first should search for the 'killsw32l.dll' file and remove it, which will prevent the launch of this Trojan's deletion feature. However, decryption appears to be impossible without further assistance from third-party anti-malware researchers. The danger this threat represents to any locally-stored data causes malware experts to recommend backing up your files to other locations, such as USB drives, for later restoration in the event of a Kee Ransomware attack.
The Kee Ransomware's possible ancestry with Hidden Tear is suspected but not yet confirmed, and samples of this threat and encrypted content may be invaluable to the anti-malware industry. PC users can watch traditional infection vectors like e-mail spam and corrupted websites for possible attempts to compromise their PC with this Trojan or other file-encrypting threats like it. While no traditional anti-malware product comes bundled with decryption functions for unlocking your files, such products may remove the Kee Ransomware either before or after its installation.
The Kee Ransomware is a throwback to the days of Trojans, viruses and other corrupted software causing damage for the damage's sake. Whether a threat author has profit or pain on his mind, however, the results are file loss and security problems for the user at the other end.
File System Modifications
The following files were created in the system:
%USERPROFILE%\Desktop\file.exe
File name: file.exe
Size: 3.61 MB (3619328 bytes)
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 18, 2017
The following newly produced Registry Values are:
Regexp file mask
- %USERPROFILE%\Desktop\Downloads\killsw32b.dll
- %USERPROFILE%\Desktop\killsw32l.dll
- %USERPROFILE%\killsw32c.dll
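A read-only check for the indicators listed on this page, added here as an example (it is not code from the original page or from any vendor): it looks for the three killsw32 DLL paths and file.exe under one user profile and lists files whose names end in '@kee'. Assumptions: the '@kee' marker is the last part of the file name, the function and variable names are illustrative, and the profile directory may be a live one or one read from a mounted disk image.

```python
import os
from pathlib import Path

# Locations relative to %USERPROFILE%, copied from the file list above.
KILLSW_DLLS = (
    Path("Desktop") / "Downloads" / "killsw32b.dll",
    Path("Desktop") / "killsw32l.dll",
    Path("killsw32c.dll"),
)
DROPPER_PATH = Path("Desktop") / "file.exe"  # name-only match, weak on its own
ENCRYPTED_SUFFIX = "@kee"  # assumption: marker is the end of the file name


def triage_profile(profile_dir):
    """Read-only scan of one user profile; returns findings, changes nothing."""
    profile = Path(profile_dir)
    findings = {"killsw_files": [], "dropper": None, "encrypted_files": []}

    for rel in KILLSW_DLLS:
        if (profile / rel).is_file():
            findings["killsw_files"].append(str(rel))

    if (profile / DROPPER_PATH).is_file():
        findings["dropper"] = str(DROPPER_PATH)

    # Walk the profile; onerror keeps unreadable directories from aborting.
    for root, _dirs, files in os.walk(profile, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                findings["encrypted_files"].append(
                    str(Path(root, name).relative_to(profile)))
    findings["encrypted_files"].sort()
    return findings


def reboot_is_risky(findings):
    """The page ties the post-reboot deletion feature to killsw32l.dll."""
    return any(Path(p).name.lower() == "killsw32l.dll"
               for p in findings["killsw_files"])


if __name__ == "__main__":
    import sys
    result = triage_profile(sys.argv[1] if len(sys.argv) > 1
                            else os.environ.get("USERPROFILE", "."))
    for key, value in result.items():
        print(f"{key}: {value}")
    print("remove killsw32l.dll before restarting:", reboot_is_risky(result))
```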