KeyMaker Ransomware

KeyMaker Ransomware Description

The KeyMaker Ransomware, which also refers to itself by the alias of 'crytp0lock' [sic], is a Trojan that uses Hidden Tear-based encryption attacks to lock an infected PC's files. Although Hidden Tear's variants are often breakable with third-party decryption software, malware experts recommend that you use backups to truly guarantee that this threat can't damage your files permanently. Anti-malware programs of most brands should delete the KeyMaker Ransomware without any obstruction.

The Two Day and Two Hundred Dollar Trojan

The element of consent, however much it is given under duress, is an indispensable part of any Trojan campaign that aims to hold a victim's files captive for pay. Even threat actors recycling older works, like Hidden Tear, require some level of social engineering to improve their chances of making any money from their attacks. The KeyMaker Ransomware is a modern variant of the Hidden Tear family that takes cues from past attacks for manipulative purposes, particularly those of the Jigsaw Ransomware.

The KeyMaker Ransomware uses AES encryption to lock its victims' files, commonly attacking content such as text documents or pictures. It also makes cosmetic edits to their names by appending the '.CryptedOpps' extension, which serves as the primary means of identifying which content the Trojan is locking. Significantly, malware experts can confirm that the KeyMaker Ransomware uploads the key for this encryption to a remote server in plain text, which could provide a path for research into free decryption tools for restoring the victim's files.

However, the KeyMaker Ransomware's threat actor is using the Trojan's payload to collect money in Bitcoin payments. The Trojan generates a text file asking for two hundred USD in Bitcoins before a two-day limit expires. The KeyMaker Ransomware threatens to start deleting any encrypted content afterward, even though this feature isn't part of most Hidden Tear variants, and malware experts have found no evidence of its presence here thus far.

Finding a Key of Your Own to a Trojan's Attacks

Despite using English for its extortion communications, the KeyMaker Ransomware includes egregious typos in its ransom note, and it may not be the product of a native English-speaking threat actor. Research by malware experts has acquired no additional data on any infection vectors the Trojan may be using, although campaigns by file-encrypting Trojans may exploit some combination of email attachments, Web-browsing vulnerabilities, and brute-forcing of local passwords. Updating your software, abiding by appropriate password strategies and having default anti-malware protection can compensate for all of these security risks.

Newly-detected, file-encoding Trojans like the KeyMaker Ransomware may have no compatible decryption software available for the public's use. Contact reputable security researchers with experience in threats of this category to determine whether or not decoding any locked media is a practical course of recovery. Backing up your files can give more definitive recovery solutions, and many anti-malware products should preempt any damages by deleting the KeyMaker Ransomware immediately.
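As an added example (not part of the original article or any vendor tool), the following Python sketch inventories files carrying the '.CryptedOpps' extension noted above and brackets when they were rewritten, which helps when choosing a backup to restore from. It assumes the marker follows the original file name and that modification times approximate when each file was locked; the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".CryptedOpps"  # extension the article says KeyMaker appends


def find_locked(root):
    """Yield (path, original_name, mtime) for files carrying the marker."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match: Windows file systems ignore case.
            if name.lower().endswith(MARKER.lower()) and len(name) > len(MARKER):
                path = os.path.join(dirpath, name)
                yield path, name[: -len(MARKER)], os.stat(path).st_mtime


def summarize(root):
    """Count locked files by original type and bracket when they were rewritten."""
    hits = list(find_locked(root))
    if not hits:
        return {"count": 0, "by_type": {}, "first": None, "last": None}
    by_type = Counter(os.path.splitext(o)[1].lower() or "(none)" for _, o, _ in hits)
    times = [m for _, _, m in hits]
    return {"count": len(hits), "by_type": dict(by_type),
            "first": min(times), "last": max(times)}


def build_sample(root):
    """Constructed sample tree: three renamed files and one untouched file."""
    layout = {"docs/report.docx.CryptedOpps": 1000, "docs/notes.txt.CryptedOpps": 1060,
              "pics/cat.JPG.cryptedopps": 1120, "pics/dog.png": 500}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))  # fixed timestamps for a repeatable demo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = summarize(tmp)
        for key in ("first", "last"):
            report[key] = datetime.fromtimestamp(report[key], timezone.utc).isoformat()
        print(report)
```

Point `summarize()` at a read-only copy or mounted image of the affected volume so the scan itself does not alter timestamps.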

With malware experts seeing regular additions to Hidden Tear's family, Trojans like the KeyMaker Ransomware, the USBR Ransomware, and the VideoBelle Ransomware are increasingly the common man's problem. Any PC owner with valuable files but no backups should consider the risks of a lifestyle not spent protecting what's theirs.

Posted: August 31, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 42