
KEYPASS Ransomware

Posted: August 13, 2018

The KEYPASS Ransomware is a file-locking Trojan that runs an AES and RSA data-encrypting routine to block your media files, which may include documents, pictures and other content. This presumed update of the STOP Ransomware uses infection methods that target users around the world and can compromise other PCs via non-secure networks. Users should have their anti-malware programs delete the KEYPASS Ransomware before using any appropriate, non-ransom-based recovery methods for their data.

The Trojan that Went from 'Stop' to 'Go' Globally

What most cyber-security experts are calling an update of the previously successful STOP Ransomware campaign is now circulating under the KEYPASS Ransomware brand. Threat actors may be using automatic infection vectors for any downloads and are targeting various networks throughout the world. Business servers are at the most risk of an attack, along with NGO and government networks, although casual PC users are also endangered by the KEYPASS Ransomware's encryption.

Malware experts can confirm that the number of separate victims of the KEYPASS Ransomware attacks has reached triple digits at a minimum since the second week of August, with at least twenty countries affected globally. The current evidence implies that the threat actors are distributing this file-locking Trojan by hacking into networks with brute-force attacks that can 'crack' login credentials. Symptoms associated with the KEYPASS Ransomware's initial attack, which encrypts and blocks the infected PC's media, may or may not be visible, although its predecessor, the STOP Ransomware, doesn't show any symptomatic behavior at this point.

The KEYPASS Ransomware creates Notepad ransoming instructions and sells its premium, file-unlocking decryptor in return for Bitcoins. Its countdown before the cost rises to an unspecified, higher amount (after seventy-two hours) is one of the traditional social engineering techniques that malware experts routinely see abused in file-locking Trojans' campaigns. Since there isn't a free decryptor for the KEYPASS Ransomware or the old version of the STOP Ransomware, the victims have no other way of directly restoring their files unless they have unaffected backups.

When Trojans Do Second Passes on Your Files

Besides its steep rise in distribution rates, the KEYPASS Ransomware's campaign has a second factor that makes it unusual for a file-locker Trojan: some victims are reporting additional, simultaneous infections by other threats of the same classification. For now, malware analysts can confirm only members of the GandCrab Ransomware family being used in these attacks. Because double-encryption by two separate Trojans can corrupt your files beyond any chance of decryption, a network security issue could render the contents of a PC as good as deleted, even though the media is technically still present.

The KEYPASS Ransomware infections attack network shares as well as the contents of the PC that they originally compromise. Network admins should avoid brute-force-vulnerable logins and use appropriate security measures to keep Trojans from too readily accessing the media on other devices on the same network. Although any victims should uninstall the KEYPASS Ransomware with the help of an appropriate anti-malware application as soon as possible, they may find some benefit in the limited 'free samples' of the decryptor that its threat actor is making available.

An international Trojan like the KEYPASS Ransomware doesn't need its victims to actively engage in unwise Web-browsing to take advantage of their vulnerabilities. Very often, a file-locking Trojan needs no more help than someone continuing to use a password that they ought to know is weak to a third party's guessing.
