
Kromber Ransomware

Posted: July 15, 2019

The Kromber Ransomware is a file-locking Trojan from the AES-Matrix family. It can keep your files from opening with AES-based encryption, change their names, delete backups, and create ransom notes. Users can ignore the ransom demands, provided they keep non-local backups of their media and use anti-malware products to uninstall the Kromber Ransomware properly.

Corrupted Matrices Back on the Attack

A researcher has caught a previously-unseen variant of the AES-Matrix, with updates to the Trojan's ransom note and the contact details it uses for ransoming. The Kromber Ransomware, like its siblings the NGSC Ransomware, the 'pedantback@protonmail.com' Ransomware, the 'cryptoplant@protonmail.com' Ransomware, the Relock Ransomware, and others, sabotages the victim's files by encrypting them. Older members of the family emphasized RDP-based infection methods, but malware analysts consider it likely that the Kromber Ransomware's campaign is resorting to different strategies.

The Kromber Ransomware's payload centers on locking files by encrypting them with an AES algorithm whose key it secures with RSA, which is traditional among file-locker Trojans. It encodes each file's name so that it resembles gibberish, and adds a 'Kromber' e-mail address, in brackets, as an extension. Malware experts also expect that the Kromber Ransomware will continue the family's practice of deleting Shadow Volume Copies, thereby stopping users from getting their work back through Restore Points.

The Kromber Ransomware uses a modernized version of the AES-Matrix Ransomware's ransom note, an RTF document, for extorting money from its victims. The English instructions provide multiple e-mail addresses and a Bitmessage account, as well as an ID, but no clear-cut price for the decryptor. Malware experts recommend against paying the ransom until all other options for data restoration have failed, because there is always the risk that the criminals will take the money and not deliver.
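The two artifacts described above, renamed files carrying a bracketed e-mail address as their extension and an RTF ransom note dropped alongside them, are what an incident responder can triage quickly from a plain file listing. The following script is an added example, not code from the original article or from any vendor; the exact name scheme, the e-mail address and the paths in the sample listing are constructed placeholders, since the article gives only the general shape of the rename.

```python
import re
from pathlib import PureWindowsPath

# Assumed rename pattern (not specified on the page): the original name is
# replaced by a gibberish string and a bracketed e-mail address is appended
# as the final "extension", e.g. "8f2a9c1d[contact@example.invalid]".
BRACKETED_EMAIL_EXT = re.compile(r"\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]$")

# Constructed sample listing, as a responder might export it from a host.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\8f2a9c1d04b7e6a3[kromber-contact@example.invalid]",
    r"C:\Users\alice\Documents\c0ffee1234567890[kromber-contact@example.invalid]",
    r"C:\Users\alice\Pictures\d41d8cd98f00b204[kromber-contact@example.invalid]",
    r"C:\Users\alice\Documents\README_TO_RESTORE.rtf",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Windows\System32\notepad.exe",
]


def looks_renamed(name: str):
    """Return the bracketed e-mail address if the filename ends in one, else None."""
    match = BRACKETED_EMAIL_EXT.search(name)
    return match.group("email") if match else None


def triage(paths):
    """Summarize a file listing for signs of a bracket-extension file locker.

    Returns a dict with:
      renamed         - every path whose name carries a bracketed e-mail
      by_email        - how many renamed files point at each address
      by_directory    - how many renamed files sit in each directory
      candidate_notes - .rtf files located in a directory that also holds
                        renamed files (the note is dropped next to the damage)
    """
    renamed, by_email, by_directory = [], {}, {}
    rtf_files = []

    for path in paths:
        winpath = PureWindowsPath(path)
        email = looks_renamed(winpath.name)
        if email:
            renamed.append(path)
            by_email[email] = by_email.get(email, 0) + 1
            directory = str(winpath.parent)
            by_directory[directory] = by_directory.get(directory, 0) + 1
        elif winpath.suffix.lower() == ".rtf":
            rtf_files.append(path)

    # Only RTF files that share a directory with renamed files are flagged,
    # which keeps ordinary documents out of the candidate list.
    hit_dirs = set(by_directory)
    candidate_notes = [
        p for p in rtf_files if str(PureWindowsPath(p).parent) in hit_dirs
    ]

    return {
        "renamed": renamed,
        "by_email": by_email,
        "by_directory": by_directory,
        "candidate_notes": candidate_notes,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for email, count in report["by_email"].items():
        print(f"{count} files renamed with extension [{email}]")
    for directory, count in sorted(report["by_directory"].items()):
        print(f"  {count} in {directory}")
    for note in report["candidate_notes"]:
        print(f"possible ransom note: {note}")
```

The grouping by address matters because the article notes the family varies its contact credentials between variants; seeing one address across every affected directory is a quick indicator that a single campaign, rather than several, touched the host. The candidate note list gives the responder the document to preserve for the ID it contains before any clean-up begins.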

A Somber End for the Kromber Ransomware

Although only a secure backup that the Kromber Ransomware hasn't touched can fully restore any blocked content, users have multiple defenses against this file-locking Trojan. Some highly-recommended precautions include:

  • Practice safe browsing habits on the Web. Both Internet Explorer and Flash contain vulnerabilities that previous AES-Matrix campaigns have used for drive-by-download attacks. Using less popular browsers and disabling unsafe features like Flash and JavaScript will help keep your computer safe.
  • Update software that Exploit Kits like the Empire Pack EK target, which reduces the vulnerabilities available to them.
  • Unsecured Web servers are highly at risk from AES-Matrix Ransomware attacks, and from those of competing file-locking Trojans. Turn RDP off or secure it appropriately, and avoid passwords that a criminal could brute-force.

As usual, traditional anti-malware services should adequately identify and remove the Kromber Ransomware from compromised Windows PCs, which prevents any further encryption damage.

The Kromber Ransomware's family is easy to forget about with much larger ones afoot, but the source of an encryption attack matters less than what the user has done to protect against it. The software equivalent of a thug-for-hire doesn't need a big name to break the kneecaps of your work media.
