Home Malware Programs Ransomware KRIPTOVOR Ransomware

KRIPTOVOR Ransomware

Posted: April 10, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 52
First Seen: April 10, 2015
OS(es) Affected: Windows

The KRIPTOVOR Ransomware is a file encryptor Trojan that includes features for other attacks on a modular basis, and also may collect file data. Although the KRIPTOVOR Ransomware originates in Russia, and current samples are configured primarily for targeting victims using Cyrillic script documents, its functions also may endanger the files and machines of PC users residing elsewhere. As a reasonable precaution against file encryption attacks, malware researchers advise using routine, remote backup strategies in combination with regular anti-malware scans to delete the KRIPTOVOR Ransomware as required.

Playing out a Familiar Hostage Scenario Again

The KRIPTOVOR Ransomware (or, roughly translated, 'crypto-thief' ransomware) is another file encrypting Trojan that locks you out of reading files of popular formats while holding them hostage for a ransom fee. Unlike most, alternative types of file encryptors, such as the recent CrypVault, the KRIPTOVOR Ransomware limits its payment instructions to a single text message placed in the host folders of all encrypted files. As per usual standards for ransomware, the KRIPTOVOR Ransomware also deletes system data related to system restore points that could restore the attacked files without paying its ransom.

Files encrypted by the KRIPTOVOR Ransomware can be identified by the addition of the .JUST suffix to their names, including JPG images, Word documents, ZIP archives and Web HTML pages, among over a dozen other types. While encrypted files are effectively inaccessible until you decrypt them, there are, as usual, zero guarantees of the ransom transaction offered providing the key that's needed to restore the victim's data.

The KRIPTOVOR Ransomware also uses a module-based structure that allows the KRIPTOVOR Ransomware to add or remove new capabilities over time. Some of the earliest samples of this threat included Bitcoin-collecting functions, but malware experts now have seen the KRIPTOVOR Ransomware moving into traditional spyware territory with the KRIPTOVER.Infostealer module. The following file types are targets for being uploaded to a third-party server for theft, separately from the encryption attack:

  • Notepad TXT files.
  • Word DOC and DOCX files.
  • ZIP, 7Z and RAR archives.
  • Excel XLS and XLSX spreadsheets.

Getting over a Russian File Ransom

The KRIPTOVOR Ransomware may vary its behavior, accounting for details of the infected PC, such as associated networks that could be accessible. Malware experts also saw most versions of the KRIPTOVOR Ransomware taking extra steps to conceal their installations from basic PC security solutions, regardless of the success or failure of the other attacks. As always, updating your anti-malware suite routinely, using Safe Mode for any scans and using the most in-depth scanning functions available can improve your chances of detecting the KRIPTOVOR Ransomware immediately.

However, handling the KRIPTOVOR Ransomware also requires protecting your files from the KRIPTOVOR Ransomware. You may block conventional encryption attacks with the simple expedient of using cloud storage, USB storage devices and other, secure backup options. Likewise, you should react to any suspected theft of information from your PC with immediate changes to all affected passwords and other, login-critical data. The KRIPTOVOR Ransomware's current distribution models exploit e-mail spam, with their file attachments implemented as Trojan droppers.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to KRIPTOVOR Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.