
KKK Ransomware

Posted: June 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 21
First Seen: June 7, 2017
OS(es) Affected: Windows


The KKK Ransomware is a Trojan that demands Bitcoin ransoms after blocking your files. While data recovery solutions do exist for threats of the KKK Ransomware's family, malware experts recommend blocking it with proper security protocols and protecting your media by backing it up. Anti-malware products with historical efficacy against Hidden Tear should also detect and delete the KKK Ransomware as a threat to your PC.

Getting a Little Racism in Your Ransom

Since Hidden Tear is available to different threat actors throughout the world, each with individual interests and motives, the themes that members of this Trojan family use can be quite diverse. Despite that, malware researchers don't often see ones as overtly toxic as the KKK Ransomware, which uses white nationalist imagery while showcasing its data-ransoming attacks. Like all working variants of Hidden Tear (HT), the KKK Ransomware can also lock the user out of opening different files in various folders.

The KKK Ransomware's payload is currently configured for a test environment and only scans the contents of a 'test' folder on the user's desktop (a behavior similar to the SuchSecurity Ransomware and the DolphinTear Ransomware). Within the target directories, the KKK Ransomware encrypts files, including pictures, documents and spreadsheets, with an AES cipher. Program executables and Windows components are unaffected. The files that do get blocked have a '.KKK' extension appended to their existing filenames.

The more unusual part of the KKK Ransomware's payload is the HTML pop-up that the threat actor uses for ransom instructions. Besides some minor, interactive elements and demands for 0.05 Bitcoin, the Trojan also shows a background referencing the Ku Klux Klan organization. Fortunately, malware experts have not found any distribution methods involved in the KKK Ransomware's campaign that would imply the threat actors are targeting systems based on the ethnicity of their users.

Putting Racial Supremacy Wrongdoings Back in the Past

Although the KKK Ransomware may have an unfortunate crossover appeal to some threat actors, when bereft of its theme, the Trojan has few differences from other, edited builds of Hidden Tear. Victims have their choice of backups or free decryption programs for retrieving any files that the KKK Ransomware locks, without ransoms being necessary, in most scenarios. Paying the Bitcoin fee always has a high risk of the threat actor not reciprocating with the supposed decryption service, and malware experts recommend against it, as a rule.
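The following triage script is an added example, not part of the original article or any vendor tool: it lists files carrying the appended '.KKK' extension described above and checks which of them have a clean copy in a backup folder. The folder layout, function names and sample files are constructed assumptions.

```python
import tempfile
from pathlib import Path

MARKER = ".kkk"  # extension the article says is appended; compared case-insensitively


def find_locked(root):
    """Return (locked_path, original_relative_path) for files ending in the marker."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() == MARKER:
            original = path.with_suffix("")  # strip only the appended marker
            hits.append((path, original.relative_to(root)))
    return hits


def restore_plan(scan_root, backup_root):
    """Split locked files into those with a backup copy and those without."""
    recoverable, missing = [], []
    for locked, rel in find_locked(scan_root):
        backup = Path(backup_root) / rel
        (recoverable if backup.is_file() else missing).append((locked, backup))
    return recoverable, missing


def build_sample(base):
    """Constructed sample: a Desktop/test-style folder and a partial backup."""
    scan, backup = Path(base) / "Desktop" / "test", Path(base) / "backup"
    for rel in ("budget.xlsx.KKK", "photos/cat.jpg.kkk", "notes.txt", "setup.exe"):
        p = scan / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample data")
    backup.mkdir(parents=True, exist_ok=True)
    (backup / "budget.xlsx").write_bytes(b"clean copy")
    return scan, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        scan, backup = build_sample(tmp)
        ok, lost = restore_plan(scan, backup)
        for locked, src in ok:
            print(f"restore {src} -> {locked.with_suffix('')}")
        for locked, _ in lost:
            print(f"no backup for {locked}")
```

The script only reports; it copies and deletes nothing, so it can be run before the Trojan itself has been removed without altering the locked files.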

File-encrypting threats tend to withhold their symptoms until after having caused damage to the files on your PC. When interacting with potentially unsafe Web content, including websites and e-mail attachments, consider the possibility of threat actors using it as an infection vector for the KKK Ransomware. Professional anti-malware products should delete the KKK Ransomware and related threats, regardless of any misleading names, icons, or extensions that form their disguises.

Some types of software, like some philosophies regarding genetics, belong in the past. Do your part to keep the KKK Ransomware from making new profits off old ideologies by making backups, updates, and anti-malware scans a part of your regular schedule.
