Kryptonite RBY Ransomware
Posted: September 15, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 53 |
| First Seen: | September 15, 2017 |
| OS(es) Affected: | Windows |
The Kryptonite RBY Ransomware is a Trojan that can lock your files by enciphering them until you agree to pay its ransom. The symptoms related to these attacks include the presence of ransom-themed text messages, the hijacking of your desktop's wallpaper, pop-ups, and changes to the names of your locked media. Although most anti-malware products should remove the Kryptonite RBY Ransomware without incident, malware experts also recommend that you back up any files habitually, which reduces the damage from side effects like data encryption.
The New Color of Kryptonite
A new kind of file-locking Trojan is sending mixed signals with its branding motif, although this confusion doesn't make its encryption attacks any less credible. The Kryptonite RBY Ransomware, unrelated to the slightly older Kryptonite Ransomware, conducts file-enciphering attacks, hijacks the desktop's appearance, and gives different messages to Russian and English PC users. Although the apparent goal is extorting money in exchange for the decryption solution to unlock your files, the Kryptonite RBY Ransomware currently provides limited ransom information.
The Kryptonite RBY Ransomware is a Windows program that, when running, scans the PC's file system for documents, pictures, archives, and other media to encrypt. The encryption feature blocks these files from opening in any associated software. Later versions of the Kryptonite RBY Ransomware may also add new extensions to the names of locked files, although malware analysts find no such feature in the 1.0 release of this threat.
After encoding your data, the Kryptonite RBY Ransomware replaces the Windows desktop's wallpaper with an image file. Contrary to what its internal data implies, the Kryptonite RBY Ransomware uses a wallpaper themed after Batman's 'Riddler' villain rather than a Superman-themed one, and the image carries only limited instructions. However, the Kryptonite RBY Ransomware conveys separate messages for Russian speakers and English speakers: English readers are given encryption warnings, while the Russian text informs readers about a 'flag' hidden in the background. The threat actor may be designing his Trojan with the assumption that any victims are bilingual.
Being a Superman to Your Computer
The Kryptonite RBY Ransomware is in a relatively early stage of development and drops no ransom-related components, such as instructions that ask for Bitcoins. In spite of that, its payload does utilize a working encryption feature that threat actors could use to lock potentially valuable types of data throughout the infected PC. For now, malware analysts are unable to provide any details on the Kryptonite RBY Ransomware's encryption cipher or whether or not victims could unlock their files with free decryption solutions.
While the Kryptonite RBY Ransomware may be joining TWLWLocker and the Pendor Ransomware in the latest wave of Russian-oriented Trojan campaigns, its future mode of circulation remains in doubt. Threat actors may install the Kryptonite RBY Ransomware automatically after brute-forcing control of a server protected by a weak password, attach it to an email message, or use website-based threats like exploit kits. Safeguarding your passwords with appropriate protocols and not neglecting your backup maintenance can protect your PC from many of these risks, and reputable anti-malware programs can remove the Kryptonite RBY Ransomware from any already-compromised system.
The Kryptonite RBY Ransomware is closer to being in the planning stage than in a mode suitable for full deployment. Even with that caveat, a half-made Trojan is more than halfway capable of hurting your saved media.