The Kromber Ransomware is a file-locking Trojan from the AES-Matrix family. It can keep your files from opening with AES-based encryption, change their names, delete backups, and create ransom notes. Users can ignore the ransom demands, assuming they have non-local backups for their media and use anti-malware products for uninstalling the Kromber Ransomware properly.
Corrupted Matrices Back on the Attack
A researcher has caught a previously-unseen variant of the AES-Matrix, with updates to the Trojan's note and the associated ransoming credentials. The Kromber Ransomware, like its brothers NGSC Ransomware, 'email@example.com' Ransomware, 'firstname.lastname@example.org' Ransomware, Relock Ransomware, and others, sabotages the victim's files by encrypting them. Old members of the family emphasized RDP-based infection methods, but malware analysts find it likely that the Kromber Ransomware's campaign is resorting to different strategies.
The Kromber Ransomware's payload centers on locking files by encrypting them using an AES algorithm that it secures with RSA, which is traditional among file-locker Trojans. It encodes the file's name, making it resemble gibberish, and adds a 'Kromber' email address, in brackets, as an extension. Malware experts also expect that the Kromber Ransomware will continue the family's practice of deleting Shadow Volume Copies, thereby stopping users from getting their work back through the Restore Points.
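The renaming pattern described above gives responders a quick way to scope which folders were hit. The following is an added example, not code from the original page or from any vendor; it assumes the appended extension has the form `.[address]` with "kromber" somewhere in the address, and every path and address in it is constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the appended extension looks like ".[<e-mail address>]".
# The page gives neither the exact address nor the exact format.
BRACKETED_EMAIL_EXT = re.compile(
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+\.[^\[\]\s@]+)\]$"
)

# Constructed sample listing (e.g. the output of a recursive directory dump).
SAMPLE_PATHS = [
    r"C:\Users\a\Documents\Xy12QzLp.[kromber@example.invalid]",
    r"C:\Users\a\Documents\8HdKw0aa.[kromber@example.invalid]",
    r"C:\Users\a\Pictures\mQ7rT2.[Kromber_help@example.invalid]",
    r"C:\Users\a\Documents\report.docx",              # untouched file
    r"C:\Users\a\Documents\notes.[draft].txt",        # brackets, no e-mail
    r"C:\Users\a\Music\song.[other@example.invalid]", # e-mail, no marker
]

def match_locked_name(filename, marker="kromber"):
    """Return the bracketed address if the name fits the pattern, else None."""
    m = BRACKETED_EMAIL_EXT.search(filename)
    if m and marker in m.group("email").lower():
        return m.group("email")
    return None

def summarize(paths, marker="kromber"):
    """Count matching files per directory and collect the addresses seen."""
    per_dir, addresses = Counter(), set()
    for raw in paths:
        path = PureWindowsPath(raw)
        email = match_locked_name(path.name, marker)
        if email:
            per_dir[str(path.parent)] += 1
            addresses.add(email.lower())
    return dict(per_dir), addresses

if __name__ == "__main__":
    per_dir, addresses = summarize(SAMPLE_PATHS)
    for directory, count in sorted(per_dir.items()):
        print(f"{count:4d}  {directory}")
    print("addresses seen:", ", ".join(sorted(addresses)))
```

Feeding it a real file listing shows which directories need restoring from backup and which contact addresses the sample used, without opening any of the locked files.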
The Kromber Ransomware uses a modernized version of AES-Matrix Ransomware's ransom note, an RTF document, for extorting money from any victims. The English instructions provide multiple e-mail addresses and a Bitmessage account, as well as an ID, but no clear-cut price on the decryptor. Malware experts recommend against paying the ransom until all other solutions for data restoration fail, given the natural potential for criminals to trick their victims.
A Somber End for the Kromber Ransomware
Although only a secure backup that the Kromber Ransomware hasn't affected can provide a complete restoration of any blocked content, users can take advantage of multiple defenses against this file-locking Trojan. Some highly-recommended precautions include:
- Update software that's targeted by Exploit Kits like the Empire Pack EK, which will reduce the vulnerabilities that are present.
- Unsecured Web servers are highly at risk from AES-Matrix Ransomware attacks, and those of competing, file-locking Trojans. Turn RDP off or secure the feature appropriately and avoid using passwords that a criminal could brute-force.
As usual, traditional anti-malware services should adequately identify and remove the Kromber Ransomware from compromised Windows PCs, which will eliminate any further encryption damage.
The Kromber Ransomware's family is easily forgotten about with much larger ones afoot, but the source of an encryption attack isn't as relevant as what the user has done to protect themselves from it. The software equivalent of a thug-for-hire doesn't need a big name for breaking the kneecaps of your work media.