
Kuntzware Ransomware

Posted: June 27, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 95
First Seen: June 27, 2017
OS(es) Affected: Windows

The Kuntzware Ransomware is a Trojan that may block the screen or lock your files with encryption until you pay a ransom for the removal of its attacks. Although this Trojan is still under development and not fully functional, users should regard it as a danger to their security and any saved data until proven otherwise. Recovery options like backups can help you restore any files, and most anti-malware products can remove the Kuntzware Ransomware or block it from installing.

Partially-Built Trojans with Aims of Scraping the Clouds

While threat actors usually don't try to reinvent the wheel, sometimes a default family of threatening software, like Hidden Tear or EDA2, doesn't provide everything that they need. When that leads to a more protracted development cycle, identifying samples of the work in progress, such as the still-incomplete Kuntzware Ransomware, can be invaluable. Although not in a state to implement its payload successfully, this Trojan does offer a view of what its author wants: encrypted files with network support to hold for ransom money.

The Kuntzware Ransomware appears to use AES-256 as its cipher of choice for locking the files of its victims. Although such a choice would be extremely standard for a file-encoding Trojan, its author also is supporting the Kuntzware Ransomware's attack with potentially advanced networking features, which it could use to target cloud-based storage or offload the encryption routine to a remote server. The Trojan also adds the 'kuntzware' extension to the names of any media it locks, which provides the infection with a unique brand identity.

The Kuntzware Ransomware also carries with it configurable ransoming options, such as a variable time limit or payment amount, and conveys its extortion message through a pop-up. Its threat actor appears to intend to use the window as a 'screen-locker,' or an object to block the desktop until the victim agrees to pay. Related functions also may monitor the PC's system resources, including RAM and CPU percentages, although the Trojan's purpose for doing so is unknown.

The Trouble with Getting Fifty Percent of a Trojan Attack

The Kuntzware Ransomware is unfinished and will self-terminate with a generic Windows error upon being run. However, partially-made Trojans like the Kuntzware Ransomware retain high potential for harm, especially since they may encrypt content with a truly irreversible cipher or omit essential details for recovering the locked files. In many, but not all, file-encrypting infections, malware experts can point towards freeware decryption solutions. Other than that, victims should use backups in safe locations, such as a detachable USB device, to keep their files from harm.
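A practical check for responders follows from the two details above: the Trojan brands locked files with the 'kuntzware' extension, and an unfinished build may or may not have actually encrypted what it renamed. The script below is an added example, not code from the original article or from the Trojan's author; it walks a directory tree, lists every file carrying that extension with its original name (useful as a restore list against backups), and measures byte entropy so a merely renamed, still-readable file can be told apart from one that holds AES-256 output. The 7.5 bits/byte threshold and the constructed sample files are assumptions for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the article reports the Trojan appending to files it locks.
KUNTZWARE_EXT = ".kuntzware"
# Assumed cut-off in bits/byte: AES output sits close to 8.0, ordinary documents far lower.
ENTROPY_THRESHOLD = 7.5

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_file(path: Path, sample_size: int = 4096) -> dict:
    """Describe one .kuntzware file: its original name and whether its bytes look encrypted."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    ent = shannon_entropy(head)
    return {
        "encrypted_name": path.name,
        "original_name": path.name[: -len(KUNTZWARE_EXT)],
        "entropy": round(ent, 2),
        # An unfinished build might rename without encrypting; low entropy flags that case.
        "looks_encrypted": ent >= ENTROPY_THRESHOLD,
    }

def scan_tree(root: Path) -> list:
    """Walk a directory tree and classify every file carrying the ransomware extension."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(KUNTZWARE_EXT):
                hits.append(classify_file(Path(dirpath) / name))
    return sorted(hits, key=lambda h: h["encrypted_name"])

def demo() -> list:
    """Build a constructed sample tree (not real victim data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        # Constructed: random bytes stand in for AES-256 output of a genuinely locked file.
        (root / "docs" / ("budget.xlsx" + KUNTZWARE_EXT)).write_bytes(os.urandom(4096))
        # Constructed: a file the Trojan renamed but never encrypted (plain text survives).
        (root / ("notes.txt" + KUNTZWARE_EXT)).write_bytes(b"Quarterly report, draft 3.\n" * 100)
        (root / "readme.txt").write_text("untouched file, ignored by the scan")
        return scan_tree(root)
```

Run `demo()` to see the two constructed hits; in the field, point `scan_tree` at the affected volume and use the `original_name` column to drive the restore from backup.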

Threat actors running file-encrypting Trojan campaigns may install the Kuntzware Ransomware on your PC in different ways, including:

  • Brute-forcing software can let con artists break remote login credentials, particularly for common or simplistic passwords.
  • Targeted spam e-mails, often formatted to imitate authentic content like a delivery notice, can include either the Kuntzware Ransomware or a secondary threat, such as a corrupted macro, that could install it.
  • Web-based threats like the RIG Exploit Kit also retain prominence as delivery mechanisms for file-encrypting Trojans of various families.

Whether this Trojan's development finishes or not, users should protect their PCs with conventional anti-malware products and strategies. Always scan your entire computer when removing the Kuntzware Ransomware, which is unlikely to be in circulation without some assistance from other vulnerabilities or threatening software. Note that decryption is a separate feature not included with traditional anti-malware programs and requires additional, specialized programs.

For many victims, whether the con artist attacking their computers has a good work ethic or not is a moot point. Unfinished threats like the Kuntzware Ransomware are no less threatening for being incomplete, although catching it ahead of schedule does give the public some forewarning about the new dangers of cloud technology.
