KillRabbit Ransomware

Posted: August 8, 2018

The KillRabbit Ransomware is a file-locking Trojan that can stop your files from opening by encrypting them with an algorithm that may or may not be breakable by third parties. Since infections come with a risk of losing all data that's not essential to the operating system, malware experts recommend storing backups of your media for its protection. The anti-malware suites of most reputable brands can also delete the KillRabbit Ransomware automatically.

Look What's Hopping Towards Your Files

Families of file-locking Trojans, including RaaS ones like the Scarab Ransomware, and freeware ones like Hidden Tear, aren't the only competing entities in their Black Hat industry. Sometimes, malware researchers also find independently-produced threats, such as the KillRabbit Ransomware. While it's a Windows-based program with a traditional, file-locking attack, the KillRabbit Ransomware's campaign uses easily-identifiable and well-organized ransoming methods that help it stand out from its competition.

As of the second week of August, malware researchers are unable to confirm whether the KillRabbit Ransomware's potential campaign is in live deployment or is still in development and unfit for release. However, the file-locking Trojan does have a complete encryption feature, most likely using AES-256, that converts Word documents, Excel spreadsheets, MP3s, and other media into formats that will not open. It also changes their names by appending a '.killrabbit' extension (for instance, 'tree.gif.killrabbit').

The most atypical component of the KillRabbit Ransomware's payload is its ransoming instructions, which it splits across two PHP files with UIs similar to those of last year's Lalabitch Ransomware or the Shutdown57 Ransomware. One file provides an extensive Bitcoin ransom-paying interface, and the second one gives the victim a file-unlocking service after they pay. Both filenames give the victim an ID number for accessing either of these features.

Making Sure that Vermin Don't Kill Your Files

The KillRabbit Ransomware campaign is not an apparent update of 2017's Bad Rabbit Ransomware, or any similar threat. However, as a file-locker Trojan, its attacks can lock you out of opening documents and other media throughout your computer and any vulnerable, network-shared folders. Until a decryption solution is achievable, users should, in particular, maintain strict backup schedules and monitor their network logins for vulnerabilities or changes to the RDP settings. Malware analysts advise against relying solely on Windows' default backups since many file-locker Trojans will delete them permanently.
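As an added example (not part of the original article), the following Python script finds files carrying the '.killrabbit' extension described above and checks whether an unencrypted copy exists in a backup tree. The function names and the assumption that the backup mirrors the live directory layout are this example's own, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".killrabbit"  # extension the article says is appended to locked files


def triage(root, backup_root):
    """Split locked files under root into those with and without a backup copy.

    Assumes backup_root mirrors root's layout (an assumption of this example).
    Returns two sorted lists of original relative paths.
    """
    root, backup_root = Path(root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip untouched files and a file named only ".killrabbit".
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            original = name[: -len(MARKER)]  # tree.gif.killrabbit -> tree.gif
            rel = (Path(dirpath) / original).relative_to(root)
            bucket = restorable if (backup_root / rel).is_file() else missing
            bucket.append(rel.as_posix())
    return sorted(restorable), sorted(missing)


def demo():
    """Run triage over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("pics/tree.gif.killrabbit", "docs/report.docx.killrabbit",
                    "docs/notes.txt", "docs/.killrabbit"):
            path = live / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        (backup / "pics").mkdir(parents=True)
        (backup / "pics" / "tree.gif").write_bytes(b"clean copy")
        return triage(live, backup)


if __name__ == "__main__":
    ok, lost = demo()
    print("restorable from backup:", ok)
    print("no backup copy found:", lost)
```

The script only reads file names and never modifies or decrypts anything, so it can be run against a mounted copy of an affected volume.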

The KillRabbit Ransomware campaign is sufficiently young that its infection methods are unknowable. Besides cracking login credentials with brute-force attacks against at-risk networks, criminals could also use less discriminating exploits, such as spam e-mail attachments, website-hosted EKs like the Nebula Exploit Kit, or torrents. Always letting trusted anti-malware programs scan your downloads gives them the opportunity to delete the KillRabbit Ransomware before any data loss occurs. If your files do incur unavoidable damage, you may contact an established member of the PC security industry for their decryption help.

The KillRabbit Ransomware could be an effort at borrowing the Bad Rabbit Ransomware brand for new threat actors or just a coincidental name. Whether its title is a social-engineered manipulation or random, its attacks are equally problematic for any file that doesn't have a recent copy preserved elsewhere.