Home Malware Programs Ransomware Kiss Ransomware

Kiss Ransomware

Posted: October 21, 2019

The Kiss Ransomware is a file-locking Trojan and a possible new version of the Paradise Ransomware. In either case, its payload will block your PC's files by encrypting them, and the process can be irreversible. Suitably-secure backup standards are ideal for recovering lost data, although anti-malware software from most companies should delete the Kiss Ransomware immediately.

Unsolicited Affection for Monetary Reasons

What might be a new variant from the Paradise Ransomware's Trojan-generating kit is out in the wild and attacking victims by unknown methods. Although this easily-constructed family of Windows Trojans is nowhere near the same numbers of sub-campaigns as, for instance, the Scarab Ransomware, it is no less threatening for being diminutive and carries with it unbreakable encryption attacks. Although it's too early for malware analysts' verifying this connection, they can confirm the Kiss Ransomware encryption feature and related ransoming modus operandi.

The Kiss Ransomware locks multiple formats of files, with documents, pictures, music, and movies being traditional examples of digital 'captives.' It does this by sending them through an encryption routine that omits the first twenty-four bytes of data, but converts the rest, along with adding '' tags. Users, however, will find the filename changes more visible - the Kiss Ransomware includes a 'kiss' extension, a bracketed ID string, and a bracketed e-mail. All of this information is for contacting the threat actor for ransoming an unlocker, AKA decryptor.

Other elements of the Kiss Ransomware's payload are cut down from the Paradise Ransomware's more verbose equivalents. The software creates an HTML file with a request to contact the previous e-mail in English and doesn't elaborate on a ransom amount or payment method. It also provides Telegram support for an alternative communication method – an increasingly popular choice among file-locker Trojans' campaigns.

Declining Kisses from Encryption-Sharing Trojans

For now, malware researchers can't narrow down potential targets of the Kiss Ransomware's attacks, other than by noting that current ones are English speakers. Some causes of possible infections can include:

  • Enabling macros in corrupted documents or spreadsheets.
  • Not installing security patches.
  • Running browser scripts indiscriminately (such as on piracy websites).
  • Downloading illicit programs through torrents.
  • Using non-secure passwords for login credentials.
  • Leaving the Remote Desktop open to third parties.

Most users can avoid all of these dangers by paying attention to best practices while browsing the Web or administrating their local servers, websites, and networks. Since decrypting the Kiss Ransomware's blocked content is possibly non-feasible, malware experts are recommending preventative action strongly, including establishing appropriate backups.

Anti-malware products should remove the Kiss Ransomware and related threats, such as RATs, but can't unlock or decrypt any media.

Whether or not the Kiss Ransomware is a new version of the Paradise Ransomware is only mildly relevant to its future victims. Preferably, they'll take the necessary precautions and keep their files from being in any long-term danger. Otherwise, the cost can be all of their data – or a still-unknown ransom.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kiss Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts