
Kripto64 Ransomware

Posted: April 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 42
First Seen: April 7, 2017
OS(es) Affected: Windows


The Kripto64 Ransomware or Turkish Htx64 Ransomware is a member of the Hidden Tear family that targets only 64-bit Windows systems. Its payload can encrypt arbitrary files on your computer and launch extortion-themed pop-up messages that can block your desktop. If you're unable to prevent this threat's installation or otherwise delete the Kripto64 Ransomware in time with dedicated anti-malware applications, backups and freeware decryptors can provide ideal recovery options.

Shedding Trojan Tears for Turkey

Although Ransomware-as-a-Service dominates the black market for threats, threat actors still have free alternatives, such as building products from freely available resources. The Hidden Tear family is one such resource, with its Turkish origins coming home to roost with a new variant: the Kripto64 Ransomware. Malware experts verify that 32-bit versions of Windows aren't vulnerable to this threat, in sharp contrast to most versions of Hidden Tear.

The Kripto64 Ransomware's limited OS compatibility doesn't impede its file-encrypting features, which remain intact. The Trojan enumerates all drives and identifies non-essential files, such as documents or JPG images, and encrypts them with an AES cipher. While doing so, the Kripto64 Ransomware may also change their extensions. With or without the new extensions, the affected files can't be opened until they are decrypted.

The Kripto64 Ransomware completes its payload by generating a potentially screen-locking pop-up, which its authors use for displaying their ransom demands. This Turkish-language message asks for 500 Turkish Lira (equal to 134 US dollars) before the threat actors will give you their decryption key. While they also include warnings of penalties for failing to pay, including the complete 'destruction' of your computer, malware experts can see no evidence of any such feature being patched into the Kripto64 Ransomware variant of Hidden Tear.

64-Bit Resolutions to Ransoming Wrongdoings

The Kripto64 Ransomware infections are unlikely ever to be able to follow through on the full scope of the threats in their pop-up messages. The family the Kripto64 Ransomware belongs to is also notably vulnerable to some free decryptors, which could give PC users with no better recovery options a theoretical way to decrypt and restore their files. For users who want to avoid gambling on the compatibility of this software, or paying a con artist's ransom, malware analysts still recommend backing up their hard drives every day.

The Kripto64 Ransomware's payment demands are small enough in scale that the business sector is not a likely target of its attacks. Recreational PC users can encounter file-encrypting Trojan infections in spam e-mail attachments, drive-by-download attacks from website exploit kits, and bundled or mislabeled downloads. Disabling potentially unsafe browser features and using anti-malware products with Web monitoring features can block many of these infection vectors. Blocking or removing the Kripto64 Ransomware with preventative security strategies and software is the best guarantee of eliminating the chance of permanent damage to the contents of your PC.

At over a hundred dollars for the threat actor's decryption assistance, the Kripto64 Ransomware infections are on the 'cheap' side of file-encrypting Trojan campaigns. On the other hand, nothing is cheaper than free, and victims can only blame themselves for needing to pay to cover up their security flaws.
