Posted: November 7, 2017
The Threat Meter fields that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for the Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
First Seen: August 14, 2018
Last Seen: August 29, 2018
The Kristina Ransomware is a variant of the Crypt12 Ransomware, a file-locking Trojan that requires manual instructions from a remote attacker to block different types of media. Threats of the Kristina Ransomware's family are known for compromising PCs after direct, targeted attacks, which may involve previously collected logins or Remote Desktop-based exploits. Users impacted by this Trojan should disable all network connections from the infected PC and remove the Kristina Ransomware with an anti-malware product immediately before implementing any data recovery solutions.
Cybercrooks Taking a Direct Hand in Their Trojans' Attacks
While many threat actors are interested in making money from damaging or collecting a PC's data, most of them wish to do so without much interaction with their campaigns. Some Trojans, nonetheless, abandon this more automated plan of attack in favor of a 'hands-on' strategy, such as the previously-identified Crypt12 Ransomware. Malware experts are just beginning to see new, trivially-edited versions of that Trojan with a different name: the Kristina Ransomware.
The Kristina Ransomware keeps the remote panel-based control scheme of the old Trojan and, like the Crypt12 Ransomware, offers options for selecting which drives to encrypt, but doesn't provide configuration choices for the formats of any individual files. Threat actors may use manual methods to introduce, install and launch the Kristina Ransomware, set it to load a file-locking, encryption attack through the panel's GUI, and then, optionally, hide the interface from the user.
The Kristina Ransomware also still uses the '.crypt12' extension to mark the content it locks. Not every file with this extension is necessarily encoded; the Kristina Ransomware automatically excludes any files over a certain size from true data-enciphering. However, malware experts still find that most types of media, such as pictures, documents, and spreadsheets, are at risk of suffering from encoding.
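Because the '.crypt12' extension alone does not prove a file was enciphered, a read-only triage pass can separate files that still carry a recognizable header from those that look like ciphertext. The script below is an added example, not part of the original write-up or any vendor tool; the signature table, sample size, entropy cutoff, function names and sample file names are assumptions, as is the premise that skipped files keep their original bytes.

```python
import math
import os
import tempfile
from collections import Counter

EXT = ".crypt12"  # extension named on this page
# Well-known file signatures; a match means the leading bytes were not enciphered.
MAGIC = {b"%PDF": "pdf", b"\x89PNG": "png", b"\xff\xd8\xff": "jpeg",
         b"PK\x03\x04": "zip/office", b"\xd0\xcf\x11\xe0": "ole2/office"}
SAMPLE = 64 * 1024    # bytes sampled per file (assumption)
ENTROPY_CUTOFF = 7.2  # bits/byte; assumption: ciphertext sits near 8.0

def entropy(data: bytes) -> float:
    n = len(data)  # Shannon entropy in bits per byte; 0.0 for empty input
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path: str) -> str:
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return f"intact ({kind} header)"
    if entropy(head) < ENTROPY_CUTOFF:
        return "likely intact (low entropy)"
    return "likely encrypted"

def triage(root: str) -> dict:
    """Classify every *.crypt12 file under root; never writes or renames."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(EXT)):
            full = os.path.join(dirpath, name)
            try:
                results[full] = classify(full)
            except OSError as exc:
                results[full] = f"unreadable ({exc.strerror})"
    return results

def demo() -> dict:
    """Constructed samples: a renamed PDF, a random blob, an untouched file."""
    samples = {"report.pdf.crypt12": b"%PDF-1.4\n" + b"constructed sample\n" * 50,
               "photo.jpg.crypt12": os.urandom(4096), "notes.txt": b"never touched\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): v for p, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

Treat the "likely" results as leads rather than verdicts: compressed formats without a listed signature read as high entropy, and very small files cannot reach the cutoff. Run it against a forensic copy or a mounted read-only image rather than the live disk.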
Turning Down a Lady with Bad Intentions
Because it cannot run its attacks without additional, remote support, the Kristina Ransomware is most likely distributed in a campaign using such methods as RDP exploits, Remote Access Trojans (or RATs), and phishing attacks that collect login combinations. Being able to decode one's files afterward is not necessarily guaranteed, whether or not you pay any ransom that the threat actor requires. Backing up your work to locations that aren't at risk is the only secure strategy that can keep the Kristina Ransomware from damaging media permanently.
Victims should disable all network connections when dealing with a Kristina Ransomware infection, which is likely to come with remote attackers having some degree of control over the PC. The Kristina Ransomware may run on any .NET Framework-compatible Windows machine, although its symptoms, such as a visible panel, may not appear to the user. Malware analysts highly encourage having anti-malware software for eliminating the Kristina Ransomware and related threats that could be facilitating remote control over the PC.
The Kristina Ransomware and the Crypt12 Ransomware that it comes from are both good reminders that users don't always need to be stupid for their media to be at risk. Cybercrooks who take a control-heavy view of their law-breaking activities are also likely to direct the attacks of Trojans like the Kristina Ransomware in ways that a user can't prevent just by rejecting obviously threatening downloads.
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
c:\users\user\desktop\c8654b503594d387accd75a406558b8a5ee52922e0cc724fbf432adc20991b34.exe
File name: c8654b503594d387accd75a406558b8a5ee52922e0cc724fbf432adc20991b34.exe
Size: 72.19 KB (72192 bytes)
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 14, 2018