
KRider Ransomware

Posted: March 8, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 83
First Seen: March 8, 2017
OS(es) Affected: Windows

The KRider Ransomware is a Trojan that can lock your files by encrypting them, an attack that con artists may abuse for collecting ransom money. Since the Trojan is incomplete and its campaign has yet to launch, malware experts are unable to provide perfect predictions of its infection methods. Using security tools for detecting the KRider Ransomware ahead of time and backups for recovering afterward are standard, recommended defenses that are likely to retain effectiveness against this threat.

Forecasting Spring Trojans with Your Spring Showers

Although most Trojans get the bulk of their news media attention after launching numerous, successful attacks, malware experts are equally attentive to samples of new threats just beginning their campaigns. The KRider Ransomware is a particularly early example that doesn't include what its author would consider the most important part of its payload: a way to make money off of it. Unfortunately, the KRider Ransomware doesn't omit the features that would let it damage your computer regardless of the lack of profits.

The available samples of the KRider Ransomware date no further back than the first of March, with most anti-malware products identifying it as being a variant of Barys. Although Barys is a family of Trojan downloaders, the KRider Ransomware may conduct network activities that could lead to this confusion, such as uploading data about the infection to a threat actor's C&C server. However, the primary purpose of the KRider Ransomware's payload is encrypting files, which it accomplishes with an AES-256 cipher.

After it locks your media by encrypting it (which transforms the internal file data with a cipher so that it is unreadable without the key), the KRider Ransomware inserts '.kr3' extensions, which it may append after any existing extension or use in place of the original. Unlike most completed Trojans of this classification, the KRider Ransomware doesn't create extortion messages to ask for money in exchange for the safe return of your files. Equally critical, malware experts have determined that the KRider Ransomware currently doesn't save the key used in the encryption process.
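For triage, the '.kr3' marker described above can be used to inventory affected files and work out which original names are still recoverable before restoring from backup. The following Python sketch is an added example, not part of the original write-up or of any vendor tool; the entropy threshold, sample size, function names and demo files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".kr3"            # extension named in the write-up above
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte at or above this suggests ciphertext
SAMPLE_BYTES = 64 * 1024   # assumption: only the head of each file is sampled

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; well-encrypted data sits close to 8.0."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values()) if data else 0.0

def classify(path: Path) -> str:
    """Heuristic: 'appended' for report.docx.kr3, 'replaced' for report.kr3."""
    return "appended" if Path(path.stem).suffix else "replaced"

def triage(root: Path) -> list[dict]:
    """Inventory every *.kr3 file under root for the restore-from-backup list."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() != MARKER:
            continue
        with path.open("rb") as fh:
            entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
        mode = classify(path)
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "mode": mode,
            # Only the appended form preserves the original file name.
            "original_name": path.stem if mode == "appended" else None,
            "entropy": round(entropy, 2),
            "likely_encrypted": entropy >= ENTROPY_THRESHOLD,
        })
    return findings

def demo() -> list[dict]:
    """Run triage over a constructed directory (random bytes stand in for ciphertext)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.docx.kr3").write_bytes(os.urandom(8192))
        (root / "photo.kr3").write_bytes(os.urandom(8192))
        (root / "notes.txt.kr3").write_bytes(b"plain text, renamed by hand\n" * 200)
        (root / "untouched.txt").write_bytes(b"hello\n")
        return triage(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A file that carries the '.kr3' extension but has low entropy, like the constructed `notes.txt.kr3`, was probably renamed rather than encrypted and is worth checking by hand before it is overwritten from backup.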

Riding Your Way out of Half-Built Ransoming Attacks

Even incomplete Trojans are capable of being security issues, and, in some ways, can be more threatening than their fully finished counterparts. Since the KRider Ransomware has neither ransoming infrastructure nor decryption features available for victims to use, anyone without backups will be unable to salvage their locked files. If future developments for the KRider Ransomware change the above facts, malware experts encourage looking for alternative data restoration resources, such as free decryption tools, before you pay a con artist's ransom.

Statistically, past attacks by file-encrypting Trojans like the KRider Ransomware have been most widespread when distributed through e-mail spam. These spam messages may use inaccurate file icons, names, or extensions, all of which can trick a victim into opening an installer for the KRider Ransomware. Keep security software active so that it can block or remove the KRider Ransomware before the Trojan has a window to encrypt files.

The genealogy of the KRider Ransomware and its threat actor's affiliations are still subject to further investigation by malware experts. Without seeing attacks taking place to learn from them, PC users can best protect their data by backing it up and abiding by common-sense anti-malware tactics.
