
KillSwitch Ransomware

Posted: June 2, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 80
First Seen: June 2, 2017
Last Seen: April 25, 2021
OS(es) Affected: Windows

The KillSwitch Ransomware is a threat that is still in development and, in its current state, can only encrypt documents in the folder '%USERNAME%\Documents\test'. Despite this limit, the KillSwitch Ransomware is fully weaponized: the crypto-threat generates an AES key and then uses it to lock the victim's files. Thankfully, running the threat in its current state is unlikely to cause any damage, but this is bound to change in the future, so it is time for our readers to get familiar with the KillSwitch Ransomware and how they can protect themselves from it.

The author of the KillSwitch Ransomware has decided to craft a file-encryption Trojan that targets just seventeen file types. While this may not seem like much, the threat seeks to encrypt some of the most commonly used file types, so its attack is guaranteed to inflict a lot of damage by encrypting valuable documents, photos and archives. Apart from encrypting the contents of the files, the KillSwitch Ransomware also modifies their names by appending the '.switch' extension (e.g. 'backup.zip' will be renamed to 'backup.zip.switch').
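
As an added example (not code from the original page or from any vendor tool), the following Python triages a recursive file listing for the rename pattern described above and recovers each file's original name, so responders can see which folders were touched. The listing, user name and paths are constructed sample data, the function names are hypothetical, and the input is assumed to be one path per line, such as the output of `dir /s /b`.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

MARKER = ".switch"  # extension the page says KillSwitch appends

# Constructed sample listing (one path per line); not real victim data.
SAMPLE_LISTING = r"""
C:\Users\alice\Documents\test\backup.zip.switch
C:\Users\alice\Documents\test\report.docx.switch
C:\Users\alice\Documents\test\photo.JPG.SWITCH
C:\Users\alice\Documents\test\notes.txt
C:\Users\alice\Documents\network.switch
C:\Users\alice\Pictures\holiday.png
"""

def original_name(path):
    """Return the pre-encryption file name, or None if the path does not
    look like '<name>.<ext>.switch' (marker appended to an existing extension)."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != MARKER:
        return None
    stem = PureWindowsPath(p.stem)   # file name with '.switch' removed
    if not stem.suffix:              # e.g. 'network.switch': no original extension
        return None
    return stem.name

def triage(listing):
    """Group renamed files by folder: {folder: [(current, original), ...]}."""
    hits = defaultdict(list)
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        orig = original_name(line)
        if orig is not None:
            p = PureWindowsPath(line)
            hits[str(p.parent)].append((p.name, orig))
    return dict(hits)

if __name__ == "__main__":
    for folder, files in triage(SAMPLE_LISTING).items():
        print(f"{folder}: {len(files)} renamed file(s)")
        for current, orig in files:
            print(f"  {current} -> {orig}")
```

Requiring an original extension in front of '.switch' keeps unrelated files that merely end in '.switch' out of the report; the match is case-insensitive because Windows file names are.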

'ATTENTION!
Your files has been encrypted by KillSwitch
KillSwitch is a new kind of cryptography malware, unlike the most of other ones utilizing encryption like ransomware...
All of your files are encrypted with AES-256 ciphers. Unlocking of your files is not possible because KillSwitch generates unique one-way encryption keys without keys used to decrypt.
Your only option would be to attempt to break the encryption, but this is very hard since AES256 is a strong cipher algorithm.'

If the KillSwitch Ransomware carries out its attack successfully, it will display a ransom message for the users to read. The message does not contain any surprises and, as expected, the attacker assures the victims that their data can only be recovered by the attacker, and any other recovery techniques are bound to fail. Since the KillSwitch Ransomware is still not in a finished state, the author has not added any contact details or payment instructions, so there's no way to tell how much money they'll demand from their victims. Regardless of the sum, we assure you that sending money to cyber crooks is not a good idea.

While it might be easy to remove the KillSwitch Ransomware with the help of a credible anti-malware utility, the same can't be said for the recovery of the user's files. The KillSwitch Ransomware appears to use a fairly secure encryption routine, so it might be a long time before we see a free decryptor for this threat. In addition to being rather secure, the KillSwitch Ransomware also makes sure to wipe the Shadow Volume Copies and disable System Restore, further reducing its victims' chances of restoring their files via 3rd-party file recovery methods and utilities.
