Kryptonite RBY Ransomware

Posted: September 15, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 53

Kryptonite RBY Ransomware Description

The Kryptonite RBY Ransomware is a Trojan that can lock your files by enciphering them until you agree to pay its ransom. The symptoms related to these attacks include the presence of ransom-themed text messages, the hijacking of your desktop's wallpaper, pop-ups, and changes to the names of your locked media. Although most anti-malware products should remove the Kryptonite RBY Ransomware without incident, malware experts also recommend that you back up any files habitually, which reduces the damage from side effects like data encryption.

The New Color of Kryptonite

A new kind of file-locking Trojan is sending mixed signals with its branding motif, although this confusion doesn't make its encryption attacks any less credible. The Kryptonite RBY Ransomware, unrelated to the slightly older Kryptonite Ransomware, conducts file-enciphering attacks, hijacks the desktop's appearance, and gives different messages to Russian and English PC users. Although the apparent goal is extorting money in exchange for a decryption solution that unlocks your files, the Kryptonite RBY Ransomware currently provides limited ransom information.

The Kryptonite RBY Ransomware is a Windows program that, when running, scans the PC's file system for documents, pictures, archives, and other media for encrypting. The encryption feature blocks these files from opening in any associated software. The Kryptonite RBY Ransomware also may add new extensions to their names in later versions, although malware analysts find no such feature in the 1.0 release of this threat.
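Because the 1.0 release leaves file names unchanged, a check for renamed extensions will not find locked files; their content has to be inspected instead. The following sketch is an added example, not code from the original page or from any vendor tool: it flags files whose extension promises a known header that is missing while the bytes look random. The signature table, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed table of well-known leading signatures per extension; extend as needed.
MAGIC = {".pdf": [b"%PDF-"], ".png": [b"\x89PNG\r\n\x1a\n"],
         ".jpg": [b"\xff\xd8\xff"], ".zip": [b"PK\x03\x04"], ".docx": [b"PK\x03\x04"]}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """True when the expected header is absent and the sample is near-random."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return False  # no signature known for this type, so no verdict
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if any(head.startswith(s) for s in sigs):
        return False  # header intact
    return shannon_entropy(head) >= ENTROPY_THRESHOLD

def scan(root: str) -> list:
    """Walk a directory tree and return the sorted paths that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if looks_encrypted(full):
                    hits.append(full)
            except OSError:
                continue  # unreadable or locked file: skip it
    return sorted(hits)

def demo() -> list:
    """Constructed samples: intact PDF, text misnamed .png, stand-in 'locked' PDF."""
    samples = {"ok.pdf": b"%PDF-1.4\n" + b"text " * 2000,
               "notes.png": b"plain text, low entropy\n" * 500,
               "locked.pdf": bytes(range(256)) * 256}  # uniform bytes mimic ciphertext
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        return [os.path.basename(p) for p in scan(d)]
```

A compressed file saved under the wrong extension (for example a JPEG named `.pdf`) would also be flagged, so treat hits as candidates for review and compare them against backups.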

After encoding your data, the Kryptonite RBY Ransomware replaces the Windows desktop's wallpaper with an image file. Contrary to what its internal data implies, the wallpaper is themed after Batman's 'Riddler' villain rather than Superman, and it carries only limited instructions. The Kryptonite RBY Ransomware also conveys separate messages to Russian and English speakers: English readers are given encryption warnings, while the Russian text informs readers about a 'flag' hidden in the background. The threat actor may be designing his Trojan with the assumption that any victims are bilingual.

Being a Superman to Your Computer

The Kryptonite RBY Ransomware is in a relatively early stage of development and drops no ransom-related components, such as instructions that ask for Bitcoins. In spite of that, its payload does utilize a working encryption feature that threat actors could use to lock potentially valuable types of data throughout the infected PC. For now, malware analysts are unable to provide any details on the Kryptonite RBY Ransomware's encryption cipher or whether or not victims could unlock their files with free decryption solutions.

While the Kryptonite RBY Ransomware may be joining TWLWLocker and the Pendor Ransomware in the latest wave of Russian-oriented Trojan campaigns, its future mode of circulation remains in doubt. Threat actors may install the Kryptonite RBY Ransomware automatically after brute-forcing control of a weakly-password-protected server, attach it to an email message, or use website-based threats like exploit kits. Safeguarding your passwords with appropriate protocols and not neglecting your backup maintenance can protect your PC from many of these risks, and reputable anti-malware programs can remove the Kryptonite RBY Ransomware from any already-compromised system.

The Kryptonite RBY Ransomware is closer to being in the planning stage than in a mode suitable for full deployment. Even with that caveat, a half-made Trojan is more than halfway capable of hurting your saved media.
