
KingOuroboros Ransomware

Posted: June 25, 2018

The KingOuroboros Ransomware is a Trojan based on the CryptoWire Ransomware family, which uses AES encryption for locking the files of its victims. These files are identifiable through the new pseudo-extensions that the Trojan injects into their names just before any existing extensions. Victims should disregard the pop-up ransoming instructions of this threat and allow an appropriate anti-malware product to delete the KingOuroboros Ransomware before commencing with their standard data recovery procedures.

The New King of Your Files is a Clone

Another version of the POC (Proof-of-Concept) Trojan, the CryptoWire Ransomware, is circulating in the wild through unknown infection vectors. This variant, the KingOuroboros Ransomware, keeps most of the traditional features of the family that malware experts also see in related threats, such as advanced pop-ups. However, unlike the wlojul@secmail.pro Ransomware, the VapeLauncher, the Lomix Ransomware, or the WanaCry4 Ransomware, the KingOuroboros Ransomware build may also corrupt data permanently.

When it's not overwriting file data due to either an intentionally corrupted feature update, or a bug, the KingOuroboros Ransomware uses an AES encryption routine for locking the user's media in a theoretically retrievable fashion. Although it filters any files over a certain size out of this attack, the KingOuroboros Ransomware can lock many formats of media nearly instantaneously, including documents, pictures, spreadsheets or most audio. The Trojan also injects a '.king_ouroboros' string into every name, but places it in front of the original extension instead of after it (example: 'importantdocument.king_ouroboros.doc').
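The naming pattern described above lends itself to a read-only inventory of affected files when scoping a restore. The following is an added example, not code from the original article; the function names and the case-insensitive match are assumptions, and the sample files are constructed.

```python
import os
import tempfile
from collections import Counter

# Marker the article says is injected in front of the original extension.
MARKER = ".king_ouroboros"

def original_name(filename):
    """Return the pre-infection name if the marker sits just before the
    final extension (e.g. 'a.king_ouroboros.doc' -> 'a.doc'), else None."""
    stem, ext = os.path.splitext(filename)
    # Require a real extension and a non-empty base name before the marker.
    if ext and stem.lower().endswith(MARKER) and len(stem) > len(MARKER):
        return stem[:-len(MARKER)] + ext
    return None

def scan(root):
    """Walk root without modifying anything. Returns (hits, per_dir):
    hits is a list of (marked_path, original_name); per_dir counts hits
    per directory so responders can see which shares were reached."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                hits.append((os.path.join(dirpath, name), orig))
                per_dir[dirpath] += 1
    return hits, per_dir

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for n in ("importantdocument.king_ouroboros.doc",
                  "photo.king_ouroboros.jpg",
                  "untouched.txt"):
            open(os.path.join(docs, n), "w").close()
        return scan(root)

if __name__ == "__main__":
    found, by_dir = demo()
    for path, orig in found:
        print(f"{path} -> restore as {orig}")
    for d, n in by_dir.most_common():
        print(f"{n:5d} marked file(s) in {d}")
```

Because the article notes that some files may be overwritten rather than encrypted, the list is a guide to what to restore from backup, not proof that a file is recoverable.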

Any readers familiar with the CryptoWire Ransomware's standard payload will also note that the KingOuroboros Ransomware keeps the same format of pop-up for its ransoming message, which launches through the Trojan's executable instead of dropping a text file. The ransom note displays a list of the non-opening files and asks for a fifty USD payment in Bitcoins within three days. Given the additional risk of permanent data corruption, users should be cautious about paying any ransom for a decryption solution that is highly likely not to work.

Ending a Trojan with Claims to Infinite Crime

The loftily named KingOuroboros Ransomware is a reference to a mythological creature symbolizing infinity, a snake eating its tail. However, victims of its attacks who take standard precautions against possible damage from file-locking threats should also have adequate protection from this variant of the CryptoWire Ransomware. The Shadow Volume Copies and other local files are subject to deletion, but the KingOuroboros Ransomware has no features that are specific to compromising cloud servers or other secure backup options on other devices.

Malware experts can confirm the KingOuroboros Ransomware's live distribution, but how it installs itself remains in doubt. Spam e-mails and brute-force attacks against servers with improper password handling are two of the techniques often in use with file-locker Trojans. Self-defense entails keeping professional-standard network security settings and having your anti-malware programs analyze new downloads so that they can delete the KingOuroboros Ransomware on sight.

The KingOuroboros Ransomware is another reminder of the dangers of developing a proof-of-concept program without thinking through the consequences of doing so. Unfortunately, the odds are that the KingOuroboros Ransomware will not be the only variant of the CryptoWire Ransomware to feast on locked or corrupted files in June.
