KEYPASS Ransomware

Posted: August 13, 2018

KEYPASS Ransomware Description

The KEYPASS Ransomware is a file-locking Trojan that runs an AES and RSA data-encrypting routine for blocking your media files, which may include documents, pictures and other content. This estimated update of the STOP Ransomware is using infection methods that target users around the world and can compromise other PCs via non-secure networks. Users should have their anti-malware programs delete the KEYPASS Ransomware before using any appropriate, non-ransom-based recovery methods for their data.

The Trojan that Went from 'Stop' to 'Go' Globally

What most cyber-security experts are dubbing as an update of the previously-successful STOP Ransomware campaign is, now, circulating with the brand of the KEYPASS Ransomware. Threat actors may be using automatic infection vectors for any downloads, and are targeting various networks throughout the world. Business servers are at the most risk of an attack, along with NGO and government networks, although casual PC users also are endangered by the KEYPASS Ransomware's encryption.

Malware experts can confirm that separate victims of the KEYPASS Ransomware attacks are reaching triple digits at a minimum, since the second week of August, with at least twenty countries affected globally. The evidence is implying that the threat actors are distributing this file-locking Trojan by hacking into networks with brute-force attacks that can 'crack' login credentials currently. Symptoms associated with the KEYPASS Ransomware's initial attack for encrypting and blocking the infected PC's media may or may not be visible, although its predecessor, the STOP Ransomware, doesn't show any symptomatic behavior, at this point.

The KEYPASS Ransomware creates Notepad ransoming instructions and sells its premium, file-unlocking decryptor in return for Bitcoins. Its countdown before the cost rises to an unspecified, higher amount (after seventy-two hours) is one of the traditional social engineering techniques that malware experts see in abuse in file-locking Trojans' campaigns routinely. Since there isn't a free decryptor for the KEYPASS Ransomware or the old version of the STOP Ransomware, the victims have no other way of directly restoring their files, unless they have unaffected backups.

When Trojans Do Second Passes on Your Files

Besides its steep rise in distribution rates, the KEYPASS Ransomware's campaign has a second factor that makes it unusual for a file-locker Trojan: some victims are reporting of additional, simultaneous infections by other threats of the same classification. For now, malware analysts can confirm only members of the GandCrab Ransomware family in utilization in these attacks. Because double-encryption by two, separate Trojans can corrupt your files beyond any chances of decrypting, a network security issue could render the contents of a PC as good as deleted despite the media being present technically.

The KEYPASS Ransomware infections are attacking network shares, along with contents of the original PC that they compromise. Network admins should avoid brute-force-vulnerable logins and use appropriate security measures for keeping Trojans from accessing the media on other devices on the same network too readily. Although any victims should uninstall the KEYPASS Ransomware with the help of an appropriate anti-malware application as soon as possible, they may find some benefits from the limited 'free samples' of the decryptor that its threat actor is making available.

An international Trojan like the KEYPASS Ransomware doesn't need its victims to engage in unwise Web-browsing actions actively to take advantage of their vulnerabilities. Very often, file-locking Trojans don't need any more help than for someone to keep using a password that they ought to know is weak to a third-party's guessing outright.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to KEYPASS Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware KEYPASS Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.