
Kryptonite Ransomware

Posted: June 26, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 59
First Seen: June 26, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Kryptonite Ransomware is a Trojan that encrypts your files and asks you to pay money to recover them. This threat disguises itself as an ASCII-based 'Snake' game to distract the user while it locks local content, and its ransoming method is currently non-functional. The simplest way to restore your files is to keep backups that Trojans can't encrypt or delete, and updated anti-malware programs should remove the Kryptonite Ransomware immediately.

Playing Games with Unpredictable Consequences

Usually, threat actors depend on stealth as their best protection against having threatening software identified, quarantined, and removed before their attacks finish. A minority of incidents use other approaches, however, such as distracting the victim with a fake update screen or game. The latter is the choice of the Kryptonite Ransomware, a particularly unusual file-encrypting threat that entertains while attacking.

The Kryptonite Ransomware's file data suggests that it was an Israeli university student's pet project. The Trojan may be disguised as the same game it initially uses as its distraction: Snake, a game where the player must avoid colliding with his own, increasingly long tail.

Launching the Kryptonite Ransomware opens the text-based 'Snake' window. However, the window also doubles as an output for the Kryptonite Ransomware's encryption scan, which merges the text lines for the encrypted files with the game's interface. The encrypting attack launches in a matter of seconds and allows the Kryptonite Ransomware to block arbitrary file types, such as DOC or JPG, by changing their internal data with a cipher.

The Trojan also gives its victims a Notepad ransom note that asks for payment to decrypt and unlock their media. Unlike similar file-encrypting threats, the Kryptonite Ransomware doesn't change the filenames, even by adding extensions, which could substantially delay the victim's realization that their media isn't readable.
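Because the filenames and extensions stay intact, affected files have to be found by content rather than by name. The following is an added example, not part of the original article: it flags JPG and DOC files whose leading bytes no longer match the format's standard signature. It assumes the cipher overwrites the file header, which the article does not confirm, and `classify` and `scan` are illustrative names.

```python
import math
import os
from collections import Counter

# Standard leading signatures for the two file types the article names.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext-like data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    """Return 'ok', 'suspect' or 'unknown' for a filename and its first bytes."""
    ext = os.path.splitext(name)[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return "unknown"          # no signature on record for this extension
    return "ok" if head.startswith(magic) else "suspect"

def scan(root: str, sample: int = 4096):
    """Yield (path, entropy) for files whose header contradicts their extension."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue          # unreadable or locked file: skip, keep scanning
            if head and classify(name, head) == "suspect":
                yield path, round(shannon_entropy(head), 2)

if __name__ == "__main__":
    import sys
    for path, ent in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{ent:4.2f}  {path}")
```

The header mismatch is the signal here; the entropy figure is only supporting context, since intact JPG data is compressed and already scores high.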

Extracting a Snake from Your File System

Current versions of the Kryptonite Ransomware omit the ID-generating executable that victims need to receive the decryptor, which makes paying the ransom not just risky but guaranteed not to give any results. Although malware experts have yet to confirm whether the Kryptonite Ransomware is using an RSA-based attack (as its message asserts), free decryption is unavailable for now. Backups are always the most secure method of keeping your files from being damaged by encryption, deletion or renaming.

The Kryptonite Ransomware isn't the only Trojan to use a game to hide its real features. Previous threats with similar disguises sometimes circulate by masking their installers as gaming software or by bundling with other programs. Downloading your files from trustworthy hosts and scanning suspicious content with security software can help you detect and remove mislabeled, corrupted files. Although detection rates for this Trojan are low, malware experts still recommend updating and running anti-malware scans to uninstall the Kryptonite Ransomware from an infected PC.

With the gaming industry in a boom and more products available at lower prices than ever, there's almost no reason to look for legally questionable gaming downloads. Stick to safe venues for your entertainment, and you'll be all the less likely to deal with ransoms from the Kryptonite Ransomware.
