Kripto64 Ransomware

Posted: April 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 42
First Seen: April 7, 2017
OS(es) Affected: Windows


The Kripto64 Ransomware or Turkish Htx64 Ransomware is a member of the Hidden Tear family that targets only 64-bit Windows systems. Its payload can encrypt arbitrary files on your computer and launch extortion-themed pop-up messages that can block your desktop. If you're unable to prevent this threat's installation or otherwise delete the Kripto64 Ransomware in time with dedicated anti-malware applications, backups and freeware decryptors can provide ideal recovery options.

Shedding Trojan Tears for Turkey

Although Ransomware-as-a-Service is a dominant aspect of the threat black market, it's not so popular that threat actors lack free alternatives, such as building products from freely available source code. The Hidden Tear family is one such resource, with its Turkish origins coming home to roost in a new variant: the Kripto64 Ransomware. Malware experts verify that 32-bit versions of Windows aren't vulnerable to this threat, in sharp contrast to most versions of Hidden Tear.
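A quick static check an analyst can use to confirm whether a sample is built for 64-bit Windows only, as the text states for this variant. This is an added example, not code from the original page or from the Hidden Tear project; the header stubs produced by build_stub are constructed test inputs, not real samples, and the check reads only the PE header fields, not the .NET metadata.

```python
import struct
import sys

# COFF Machine values and optional-header magic numbers from the PE/COFF spec.
MACHINE_I386 = 0x014C
MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B       # 32-bit optional header
PE32PLUS_MAGIC = 0x20B   # 64-bit optional header


def pe_architecture(data: bytes) -> str:
    """Return 'x64', 'x86' or 'unknown' for a PE image held in memory.

    Follows the DOS header's e_lfanew to the 'PE\\0\\0' signature, then
    requires the COFF Machine field and the optional-header Magic to agree.
    Caveat: a .NET assembly built as AnyCPU reports x86/PE32 yet still runs
    as a 64-bit process, so this only identifies images explicitly built x64.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    opt_hdr = e_lfanew + 24  # signature (4 bytes) + COFF file header (20 bytes)
    if e_lfanew + 4 > len(data) or opt_hdr + 2 > len(data):
        raise ValueError("truncated PE header")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if machine == MACHINE_AMD64 and magic == PE32PLUS_MAGIC:
        return "x64"
    if machine == MACHINE_I386 and magic == PE32_MAGIC:
        return "x86"
    return "unknown"


def build_stub(machine: int, magic: int) -> bytes:
    """Constructed header-only image for testing; it is not a loadable PE."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 24 + 2)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, e_lfanew + 4, machine)
    struct.pack_into("<H", buf, opt_hdr := e_lfanew + 24, magic)
    return bytes(buf)


if __name__ == "__main__":
    # Usage: python pe_arch.py <sample.exe>; with no argument, check a constructed x64 stub.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_stub(MACHINE_AMD64, PE32PLUS_MAGIC)
    print(pe_architecture(blob))
```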

The Kripto64 Ransomware's limited OS compatibility doesn't impede its file-encrypting features, which remain intact. The Trojan enumerates all drives, identifies non-essential files such as documents or JPG images, and encrypts them with an AES cipher. While doing so, the Kripto64 Ransomware may also change their extensions. With or without the new extensions, the affected files can no longer be opened until they are decrypted.

The Kripto64 Ransomware completes its payload by generating a potentially screen-locking pop-up, which its authors use to display their ransom demands. This Turkish-language message asks for 500 Turkish Lira (about 134 US dollars) before the threat actors will hand over their decryption key. While the message also warns of penalties for failing to pay, including the complete 'destruction' of your computer, malware experts see no evidence that any such feature has been added to the Kripto64 Ransomware variant of Hidden Tear.

64-Bit Resolutions to Ransoming Wrongdoings

Kripto64 Ransomware infections are unlikely ever to be able to carry out the full scope of the threats made in their pop-up messages. The family the Kripto64 Ransomware belongs to is also notably susceptible to some free decryptors, which could give PC users with no better recovery options a theoretical way to decrypt and restore their files. For users who would rather not gamble on the compatibility of such software, or pay a con artist's ransom, malware analysts still recommend backing up their hard drives every day.

The Kripto64 Ransomware's payment demands are small enough in scale that the business sector is not a likely target of its attacks. Home PC users can encounter file-encrypting Trojan infections through spam e-mail attachments, drive-by-download attacks from website exploit kits, and bundled or mislabeled downloads. Disabling potentially unsafe browser features and using anti-malware products with Web monitoring features can block many of these infection vectors. Prioritizing preventative security strategies and software that block or remove the Kripto64 Ransomware before it runs is the best guarantee against permanent damage to the contents of your PC.

At over a hundred dollars for the threat actor's decryption assistance, the Kripto64 Ransomware infections are on the 'cheap' side of file-encrypting Trojan campaigns. On the other hand, nothing is cheaper than free, and victims can only blame themselves for needing to pay to cover up their security flaws.