
KRider Ransomware

Posted: March 8, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 83
First Seen: March 8, 2017
OS(es) Affected: Windows

The KRider Ransomware is a Trojan that can lock your files by encrypting them, an attack that con artists may abuse for collecting ransom money. Since the Trojan is incomplete and its campaign has yet to launch, malware experts are unable to provide perfect predictions of its infection methods. Using security tools for detecting the KRider Ransomware ahead of time and backups for recovering afterward are standard, recommended defenses that are likely to retain effectiveness against this threat.

Forecasting Spring Trojans with Your Spring Showers

Although most Trojans get the bulk of their news media attention after launching numerous, successful attacks, malware experts are equally attentive to samples of new threats just beginning their campaigns. The KRider Ransomware is a particularly early example that doesn't include what its author would consider the most important part of its payload: a way to make money off of it. Unfortunately, the KRider Ransomware doesn't omit the features that would let it damage your computer regardless of the lack of profits.

The available samples of the KRider Ransomware date no further back than the first of March, with most anti-malware products identifying it as being a variant of Barys. Although Barys is a family of Trojan downloaders, the KRider Ransomware may conduct network activities that could lead to this confusion, such as uploading data about the infection to a threat actor's C&C server. However, the primary purpose of the KRider Ransomware's payload is encrypting files, which it accomplishes with an AES-256 cipher.

After it locks your media by encrypting it (which reorganizes the internal file data according to an algorithm), the KRider Ransomware inserts '.kr3' extensions, which it may append after any existing ones or use to replace the originals. Unlike most completed Trojans of this classification, the KRider Ransomware doesn't create extortion messages to ask for money in exchange for the safe return of your files. Equally critically, malware experts have determined that the KRider Ransomware currently doesn't save the key used in the encryption process.
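As an added example that is not part of the original write-up, the Python triage script below inventories files carrying the '.kr3' extension described above, so that an incident responder can map each one back to a probable original name for restore-from-backup and separate genuinely encrypted files from ones that were only renamed. The sample directory, its filenames and the 7.5 bits-per-byte entropy floor are constructed assumptions, not KRider artifacts.

```python
import math
import secrets
import tempfile
from collections import Counter
from pathlib import Path

KRIDER_EXT = ".kr3"  # extension the page attributes to KRider-encrypted files

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: AES-256 output sits near 8.0, plain text well below 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_directory(root: str, sample_bytes: int = 4096, floor: float = 7.5) -> list:
    """Inventory *.kr3 files under root to plan restores from backup. KRider
    appends .kr3 after the real extension (report.docx.kr3 -> report.docx) or
    replaces it (report.kr3 -> report, extension lost); a dot left in the stem
    is the 'extension kept' heuristic, high entropy means really encrypted."""
    records = []
    for p in Path(root).rglob("*"):
        if not (p.is_file() and p.name.lower().endswith(KRIDER_EXT)):
            continue
        with p.open("rb") as fh:  # read only a prefix: files can be large
            head = fh.read(sample_bytes)
        stem = p.name[: -len(KRIDER_EXT)]
        records.append({
            "name": p.name,
            "path": str(p),
            "probable_original": stem,
            "original_ext_kept": "." in stem,
            "looks_encrypted": shannon_entropy(head) >= floor,
        })
    return sorted(records, key=lambda r: r["name"])

def demo() -> list:
    """Constructed sample tree (not real KRider output): random bytes stand in
    for ciphertext, and one .kr3 file was only renamed, never encrypted."""
    tmp = tempfile.mkdtemp()
    samples = {
        "budget.xlsx.kr3": secrets.token_bytes(4096),  # extension appended, encrypted
        "notes.kr3": secrets.token_bytes(4096),        # extension replaced, encrypted
        "readme.txt.kr3": b"plain text\n" * 300,       # renamed but not encrypted
        "untouched.txt": b"not in scope",              # no .kr3, must be ignored
    }
    for name, content in samples.items():
        Path(tmp, name).write_bytes(content)
    return triage_directory(tmp)
```

Files flagged with `original_ext_kept` False need their type identified from backup metadata or magic bytes of the restored copy, since the replaced extension cannot be recovered from the name alone.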

Riding Your Way out of Half-Built Ransoming Attacks

Even incomplete Trojans are capable of being security issues, and, in some ways, can be more threatening than their fully finished counterparts. Since the KRider Ransomware has neither ransoming infrastructure nor decryption features available for victims to use, anyone without backups will be unable to salvage their locked files. If future developments for the KRider Ransomware change the above facts, malware experts encourage looking for alternative data restoration resources, such as free decryption tools, before you pay a con artist's ransom.

Statistically, past attacks by file-encrypting Trojans like the KRider Ransomware have been most widespread when distributed through e-mail spam. These spam messages may use inaccurate file icons, names, or extensions, all of which can trick a victim into opening an installer for the KRider Ransomware. Keep security software running with real-time protection enabled so that it can block or remove the KRider Ransomware without leaving a window for encryption attacks.

The genealogy of the KRider Ransomware and its threat actor's affiliations are still subject to further investigation by malware experts. Without seeing attacks taking place to learn from them, PC users can best protect their data by backing it up and abiding by common-sense anti-malware tactics.
