Home Malware Programs Ransomware '.kyra File Extension' Ransomware

'.kyra File Extension' Ransomware

Posted: November 1, 2016

The '.kyra File Extension' Ransomware is an update to the Globe Ransomware with changes including a new file extension and ransom note. The Trojan is still encrypting data and demanding ransom payments for decryption help, although malware experts recommend using other means of system recovery. Updated anti-malware software should block the '.kyra File Extension' Ransomware before it encrypts your content or delete the '.kyra File Extension' Ransomware after an infection's occurrence.

The Globe of Trojan Business Keeps on Turning

Malware authors often try not to work any harder than necessary for maintaining profitability. While this truism leads to many, similarly-functioning Trojans on the black market, it also helps the PC security industry develop effective solutions against a wide variety of threats. One example with definite drawbacks for its threat actor is the '.kyra File Extension' Ransomware, which replaces the Help_you@india.com Ransomware as being the latest version of the Globe Ransomware.

Similarly to those two Trojans, the '.kyra File Extension' Ransomware encrypts your data, including video game save files, Microsoft Office documents, and widely-used formats of images like JPG. Following a successful encryption payload, the '.kyra File Extension' Ransomware pulls up a ransom note that malware experts find updated from past versions of the Globe Ransomware, but with most of the distinctive features intact. The message includes a field displaying the victim's personal key, contact details, and a warning that failing to pay within a two-day time limit will close off any decryption assistance from the '.kyra File Extension' Ransomware's admin.

As per its name, the '.kyra File Extension' Ransomware also uses a separate extension for appending to encrypted content ('.kyra'). However, malware experts can confirm no changes to the underlying encryption mechanisms or improvements in protecting the decryption key. The encryption algorithm's carryover means that previous decryption solutions effective against the Globe Ransomware should maintain their full functionality against the '.kyra File Extension' Ransomware.

Flattening a Globe Trojan's Worth of Illicit Profits

PC owners without other methods of reacquiring their data, such as backups, can use free decryption software for reversing the primary damages of the '.kyra File Extension' Ransomware's payload. Trojans of this family, including the '.kyra File Extension' Ransomware, also use an encryption algorithm particularly ineffective against large file sizes (more than one gigabyte), which also helps limit the impact of an attack. While malware experts see that the '.kyra File Extension' Ransomware is continuing to use English-based ransom messages, readers should keep in mind that this threat's distribution most likely focuses on targets in Central Asia.

The '.kyra File Extension' Ransomware campaign may use any of various infection methods, including e-mail attachments, brute force attacks against network-accessible accounts, and scripts on unsafe Web domains. PC owners scanning their files for threats with the latest anti-malware utilities, changing their passwords regularly, and using safe browsing habits are at less risk. In all cases, your anti-malware solutions should be capable of deleting the '.kyra File Extension' Ransomware, although restoring any encoded data requires dedicated decryption software.

Regrettably, until the authorities bring the Globe Ransomware's threat actors to justice, it seems likely that new branches like the '.kyra File Extension' Ransomware will continue sprouting.

Loading...