KillSwitch Ransomware
Posted: June 2, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 80 |
| First Seen: | June 2, 2017 |
| Last Seen: | April 25, 2021 |
| OS(es) Affected: | Windows |
The KillSwitch Ransomware is a threat that is still in development, and in its current state it is only able to encrypt documents in the folder '%USERNAME%\Documents\test'. Despite this limit, the KillSwitch Ransomware is fully weaponized, and the crypto-threat is able to generate an AES key and then use it to lock the victim's files. Thankfully, running the threat in its current state is unlikely to cause any damage, but this is bound to change in the future, so it is time for our readers to get familiar with the KillSwitch Ransomware and how they can protect themselves from it.
The author of the KillSwitch Ransomware has decided to craft a file-encryption Trojan that targets just seventeen file types. While this may not seem like much, the threat seeks to encrypt some of the most commonly used file types so that its attack is guaranteed to inflict a lot of damage by encrypting valuable documents, photos and archives. Apart from encrypting the contents of the files, the KillSwitch Ransomware will also modify their names by appending the '.switch' extension (e.g. 'backup.zip' will be renamed to 'backup.zip.switch').
'ATTENTION!
Your files has been encrypted by KillSwitch
KillSwitch is a new kind of cryptography malware, unlike the most of other ones utilizing encryption like ransomware...
All of your files are encrypted with AES-256 ciphers. Unlocking of your files is not possible because KillSwitch generates unique one-way encryption keys without keys used to decrypt.
Your only option would be to attempt to break the encryption, but this is very hard since AES256 is a strong cipher algorithm.'
If the KillSwitch Ransomware carries out its attack successfully, it will display a ransom message for the users to read. The message does not contain any surprises and, as expected, the attacker assures the victims that their data can only be recovered by the attacker, and any other recovery techniques are bound to fail. Since the KillSwitch Ransomware is still not in a finished state, the author has not added any contact details or payment instructions, so there's no way to tell how much money they'll demand from their victims. Regardless of the sum, we assure you that sending money to cyber crooks is not a good idea.
While it might be easy to remove the KillSwitch Ransomware with the help of a credible anti-malware utility, the same can't be said for the recovery of the user's files. The KillSwitch Ransomware appears to use a fairly secure encryption routine, so it might be a long time before we see a free decryptor for this threat. In addition to being rather secure, the KillSwitch Ransomware also makes sure to wipe the Shadow Volume Copies and disable System Restore, further reducing its victims' chances of restoring their files via 3rd-party file recovery methods and utilities.
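To scope the damage before restoring from backups, responders can inventory the files that carry the '.switch' extension described above and map each one back to its original name. The following Python script is an added example, not code from the original page; the function names, the 64 KiB sample size and the 7.5 bits-per-byte entropy threshold are assumptions.

```python
import math
import os
from collections import Counter

MARKER = ".switch"  # extension the page says KillSwitch appends


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def find_switch_files(root, sample_size=65536, threshold=7.5):
    """Walk root and return one record per file carrying the appended marker.

    Each record holds the current path, the name the file had before the
    rename, the entropy of its leading bytes, and whether that entropy is
    consistent with encrypted content. The threshold is an assumed heuristic:
    very small files score low, and compressed formats score high even when
    they were only renamed, so treat the flag as a triage hint.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # locked or unreadable: skip instead of aborting the sweep
            ent = shannon_entropy(sample)
            findings.append({
                "path": path,
                "original_name": name[:-len(MARKER)],
                "entropy": round(ent, 2),
                "likely_encrypted": ent >= threshold,
            })
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    import sys
    for f in find_switch_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['path']}\t{f['original_name']}\t{f['entropy']}\t{f['likely_encrypted']}")
```

The `original_name` column gives the file names to look for in backups taken before the infection.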