
KeyMaker Ransomware

Posted: August 31, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 44
First Seen: August 31, 2017
Last Seen: October 5, 2022
OS(es) Affected: Windows

The KeyMaker Ransomware, which also refers to itself by the alias 'crytp0lock' [sic], is a Trojan built on the Hidden Tear code base that encrypts an infected PC's files. Although Hidden Tear variants are often breakable with third-party decryption software, malware experts recommend backups as the only way to guarantee that this threat can't damage your files permanently. Anti-malware programs of most brands should delete the KeyMaker Ransomware without obstruction.

The Two Day and Two Hundred Dollar Trojan

Some element of consent, however much it is extracted under duress, is an indispensable part of any Trojan campaign that holds a victim's files captive for payment. Even threat actors recycling older works like Hidden Tear need some social engineering to improve their chances of making money from their attacks. The KeyMaker Ransomware is a recent Hidden Tear variant that takes cues from past attacks for manipulative purposes, particularly from the Jigsaw Ransomware.

The KeyMaker Ransomware uses AES encryption to lock its victims' files, commonly targeting content such as text documents and pictures. It also appends the '.CryptedOpps' extension to their names, which serves as the primary means of identifying which content the Trojan has locked. Significantly, malware experts can confirm that the KeyMaker Ransomware uploads the key for this encryption to a remote server in plain text. A key transmitted in the clear is readable by anyone who recorded that traffic, and it could provide a path for research into free decryption tools for restoring the victim's files.

However, the KeyMaker Ransomware's threat actor is using the Trojan's payload to collect Bitcoin payments. The Trojan generates a text file demanding two hundred USD in Bitcoin within a two-day deadline and threatens to start deleting encrypted content afterward. That deletion feature isn't part of most Hidden Tear variants, and malware experts have so far found no evidence that it is actually implemented here.

Finding a Key of Your Own to a Trojan's Attacks

The KeyMaker Ransomware's ransom note is written in English but contains egregious typos, so it may not be the product of a native English-speaking threat actor. Research by malware experts has turned up no data on the infection vectors the Trojan uses, although file-encrypting Trojan campaigns commonly rely on some combination of email attachments, Web-browsing vulnerabilities, and brute-forcing of local passwords. Keeping your software updated, following sound password practices, and running default anti-malware protection reduce all of these risks.

Newly detected, file-encrypting Trojans like the KeyMaker Ransomware may have no compatible decryption software available to the public. Contact reputable security researchers with experience in this category of threat to determine whether decoding any locked media is a practical route to recovery. Backing up your files gives a more definitive recovery option, and many anti-malware products should preempt any damage by deleting the KeyMaker Ransomware immediately.

With malware experts seeing regular additions to the Hidden Tear family, Trojans like the KeyMaker Ransomware, the USBR Ransomware, and the VideoBelle Ransomware are increasingly the common man's problem. Any PC owner with valuable files but no backups should consider the risks of not protecting what's theirs.
