Home Malware Programs Ransomware Kristina Ransomware

Kristina Ransomware

Posted: November 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: August 14, 2018
Last Seen: August 29, 2018
OS(es) Affected: Windows

The Kristina Ransomware is a variant of the Crypt12 Ransomware, a file-locking Trojan that requires manual instructions from a remote attacker to block different types of media. Threats of the Kristina Ransomware's family are known for compromising PCs after direct, targeted attacks, which may involve previously collected logins or Remote Desktop-based exploits. Users impacted by this Trojan should disable all network connections from the infected PC and remove the Kristina Ransomware with an anti-malware product immediately before implementing any data recovery solutions.

Cybercrooks Taking a Direct Hand in Their Trojans' Attacks

While many threat actors are interested in making money from damaging or collecting a PC's data, most of them wish to do so without much interaction with their campaigns. Some Trojans, nonetheless, abandon this more automated plan of attack in favor of a 'hands-on' strategy, such as the previously-identified Crypt12 Ransomware. Malware experts are just beginning to see new, trivially-edited versions of that Trojan with a different name: the Kristina Ransomware.

The Kristina Ransomware keeps the remote panel-based control scheme of the old Trojan and, like the Crypt12 Ransomware offers options for selecting which drives to encrypt, but doesn't provide configuration choices for the formats of any individual files. Threat actors may use manual methods to introduce, install and launch the Kristina Ransomware, set it to load a file-locking, encryption attack through the panel's GUI, and then, optionally, hide the interface from the user.

The Kristina Ransomware also still uses the '.crypt12' extension to mark the content it locks. Not every file with this signature is encoded necessarily; the Kristina Ransomware excludes true data-enciphering for any files over a certain size automatically. However, malware experts still find that most types of media, such as pictures, documents, and spreadsheets, are at risk of suffering from encoding.

Turning Down a Lady with Bad Intentions

Due to not being capable of running its attacks without additional, remote support, the Kristina Ransomware is most likely distributing in a campaign using such methods as RDP exploits, Remote Access Trojans (or RATs), and phishing attacks that collect login combinations. Being able to decode one's files afterward is not guaranteed necessarily, whether or not you pay any ransom that the threat actor requires. Backing up your work to locations that aren't at risk is the only secure strategy that can keep the Kristina Ransomware from damaging media permanently.

Victims should disable all network connections when dealing with a Kristina Ransomware infection, which is likely to come with remote attackers having some degree of control over the PC. The Kristina Ransomware may run on any .NET Framework-compatible, Windows machine, although its symptoms, such as a visible panel, may not appear to the user. Having anti-malware software for eliminating the Kristina Ransomware and related threats that could be facilitating remote control over the PC is highly encouraged by malware analysts.

The Kristina Ransomware and the Crypt12 Ransomware that it comes from are both good reminders that users don't always need to be stupid for their media to be at risk. Cybercrooks who take a control-heavy view of their law-breaking activities are also likely to direct the attacks of Trojans like the Kristina Ransomware in ways that a user can't prevent just by rejecting obviously threatening downloads.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kristina Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

c:\users\user\desktop\c8654b503594d387accd75a406558b8a5ee52922e0cc724fbf432adc20991b34.exe File name: c8654b503594d387accd75a406558b8a5ee52922e0cc724fbf432adc20991b34.exe
Size: 72.19 KB (72192 bytes)
MD5: 570e220c22810e4906272fbf24689dcf
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Path: c:\users\user\desktop\
Group: Malware file
Last Updated: August 14, 2018