Kerkoporta Ransomware

Posted: October 30, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 7

Kerkoporta Ransomware Description

The Kerkoporta Ransomware is a Trojan that includes features for ransoming the victim's files after it locks them, taking remote control of the infected PC, and blocking the screen with pop-ups. The risks of Kerkoporta Ransomware infections include the possibly permanent loss of any media that it locks, as well as privacy and security issues from a remote attacker having access to your files, settings and software. Users who believe themselves to be affected should disconnect from the Internet as soon as possible and have anti-malware utilities ready to uninstall the Kerkoporta Ransomware.

How to Patch Windows into Attacking Your Files

Greece is the home ground of what may be a campaign of Trojan attacks that appear not only to damage files for ransom money but also to create vulnerabilities that could give effective control of the PC to external threat actors. The multi-purpose Kerkoporta Ransomware includes features for locking the user out of the GUI, turning system access over to another user over a network, and renaming files. Current releases of the Kerkoporta Ransomware that are available to malware analysts show an absence of any encryption-based, file-locking feature, which may be the next thing its authors add to the payload.

The Kerkoporta Ransomware, whose name translates from Greek to 'backdoor,' installs itself through a download trick: it pretends to be an update for Windows. After the installation, it adds the '.encryptedsadly' extension to files that fit its internal list of formats and locations to attack, which can include Word documents, Excel spreadsheets, etc. Since this early version of the Kerkoporta Ransomware doesn't use any data-encoding algorithms, users can change the extension back to the default without needing a decryptor. However, while it does the above, the Kerkoporta Ransomware also commits other attacks.
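The rename-only behaviour described above can be reversed in bulk. The following is an added example, not part of the original article or any vendor tool: it assumes the '.encryptedsadly' suffix is appended to the full original filename, and it checks file headers before renaming so that a later variant that really alters contents is flagged instead of silently "restored". The function names and the `MAGIC` table are illustrative.

```python
import os
import tempfile

SUFFIX = ".encryptedsadly"  # extension named in the article
# Well-known leading bytes for a few formats; extend as needed.
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff"}

def plan_restore(root):
    """Return (renames, flagged): safe (src, dst) pairs and (src, reason) pairs."""
    renames, flagged = [], []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(SUFFIX):
                continue
            src = os.path.join(folder, name)
            dst = src[:-len(SUFFIX)]
            ext = os.path.splitext(dst)[1].lower()
            with open(src, "rb") as fh:
                head = fh.read(8)
            if os.path.exists(dst):
                flagged.append((src, "original name already exists"))
            elif ext in MAGIC and not head.startswith(MAGIC[ext]):
                # Header does not match the format: contents may be altered.
                flagged.append((src, "header mismatch"))
            else:
                renames.append((src, dst))
    return renames, flagged

def restore(root, apply=False):
    """Dry run by default; files are renamed only when apply=True."""
    renames, flagged = plan_restore(root)
    if apply:
        for src, dst in renames:
            os.rename(src, dst)
    return renames, flagged

def demo():
    """Run against a constructed sample tree in a temporary directory."""
    samples = {"report.pdf": b"%PDF-1.4 constructed", "notes.txt": b"hello",
               "scan.pdf": b"\x00\x01 constructed altered content"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name + SUFFIX), "wb") as fh:
                fh.write(data)
        renames, flagged = restore(root, apply=True)
        return ([os.path.basename(d) for _, d in renames],
                [os.path.basename(s) for s, _ in flagged],
                sorted(os.listdir(root)))
```

Call `restore(path)` first to review the plan, then `restore(path, apply=True)`; flagged files are left untouched for manual inspection or recovery from backup.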

The Kerkoporta Ransomware blocks the user's desktop access by creating a screen-sized HTA pop-up, which carries its Greek (and, optionally, English) ransoming instructions. Its default ransom message asks for the PIN of an Amazon gift card worth 100 USD before restoring your theoretically blocked media. Meanwhile, the Trojan also attempts a network connection to a Command & Control server, possibly allowing a con artist on the other end to control the PC via a GUI panel or text commands.

Nailing Greece's New Backdoor Shut

While most PC users are likely to be distracted by its ability to lock out the desktop and, potentially, some formats of their digital media, the Kerkoporta Ransomware also could be exploited as a RAT for much more flexible attacks. Threat actors may use the Kerkoporta Ransomware's network-based features for changing your system settings, disabling your security software, or installing other threats, such as keyloggers or banking Trojans. This additional function makes even the incomplete version of the Kerkoporta Ransomware into a high-level threat that's readily capable of escalating an infection into a worse security issue than its symptoms might imply.

Without an update to give more data on its possible data-locking methodology, malware researchers can only recommend keeping backups that nullify any media-ransoming attempts from this threat. Cloud or peripheral device-based storage options are significantly less at risk of being deleted than local content, especially since the Kerkoporta Ransomware could allow con artists to erase content manually. Disabling network access also should be a priority during any disinfection attempt. Few anti-malware products are detecting and removing the Kerkoporta Ransomware accurately, and users should update the threat databases on any relevant security software for maximum protection.

What a Trojan shows to its victims is rarely all that is there to see. While the Kerkoporta Ransomware keeps users busy with its ransoming antics, its authors may be up to causing even worse problems.
