
Kiratos Ransomware

Posted: April 29, 2019

The Kiratos Ransomware is a file-locker Trojan that encrypts your files so that its threat actor can ransom the unlocker at a later date. Because the Kiratos Ransomware is a variant from a Ransomware-as-a-Service business, it may use flexible infection strategies, although current attacks are using fake freeware downloads. Most anti-malware products should delete Kiratos Ransomware infections properly, protecting your files from any more data-locking attacks.

A (Trojan) Lady in Waiting

New days bring new versions of Ransomware-as-a-Service Trojans, whose cosmetics and addresses are configured so that different threat actors can gather ransoms. A new affiliate in the STOP Ransomware family of the RaaS industry is leveraging a version of the program with Greek-inspired etymology, the Kiratos Ransomware. The Kiratos Ransomware, whose name translates to 'lady,' may or may not be specific to that peninsular nation, but its encryption should have no trouble blocking most files for any Windows-using victim.

The Kiratos Ransomware includes both network-connected and offline encryption routines for blocking files such as your Word or PDF documents, pictures like GIFs and JPGs, archives, databases, spreadsheets or 3D models, among other media. Although it defaults to the former, it will use the latter if it can't contact its Command & Control server and download a dynamic key.

After stopping these files from opening, the Kiratos Ransomware delivers a text message-based ransom, which is a traditional ransoming method for both its STOP Ransomware family and most other types of file-locking Trojans. Malware experts recommend against paying for criminal services, although there are no universally-compatible freeware decryptors for every member of the Kiratos Ransomware's family.

Users can be sure of protecting their work by backing it up and by protecting networks with secure credentials. Note that Windows does keep default Shadow Volume Copies for recovery, which the Kiratos Ransomware usually will delete, although an interrupted attack may prevent the deletion.

Kicking the Old Lady Out of Your Hard Drive

Kiratos Ransomware infections are using fake installers for the Internet Download Manager program to compromise new PCs. As always with STOP Ransomware's family, the Kiratos Ransomware only endangers Windows environments but can harm most of the non-essential files on your drives and any removable or network-available ones. Users should be hesitant about downloading files from advertising networks, torrents, or suspicious freeware websites, and always scan new downloads for any possible threats.

Backing up one's work to a device that the Kiratos Ransomware can't attack is the only fully reliable way of stopping this threat from gaining extortion leverage and permanently harming your files. Professional anti-malware tools should remove the Kiratos Ransomware before its payload launches, and may uninstall the Kiratos Ransomware afterward, as well, if the threat actor delivered it to your PC or server manually.

Greek Windows users are the likeliest victims of the Kiratos Ransomware's campaign, but its relatives are busy in other nations of the world without much discrimination. Protecting your media isn't a duty that stops at any country's borders – any more than the extortion of STOP Ransomware remixes like the Guvara Ransomware, the Grovat Ransomware, the Raldug Ransomware or the Hrosas Ransomware.