
Kampret Ransomware

Posted: April 12, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 66
First Seen: April 12, 2017
OS(es) Affected: Windows

The Kampret Ransomware is a Trojan that can block your files by encoding them with the AES encryption. Its payload also creates messages asking for you to pay Bitcoins to unlock your content, although malware analysts recommend using other, well-established data recovery solutions. Industry-standardized anti-malware protection should account for most infection vectors this threat is likely to use and remove the Kampret Ransomware without letting it encrypt the contents of your PC.

Just a Branch of Hidden Tear Sucking out Your Money

Although Utku Sen's Hidden Tear software isn't one of the most sophisticated file-encrypting Trojans to date, con artists make frequent use of it for the simple reason that it is so widely available. Originally created for educational purposes, Hidden Tear is now one of the larger families of file-encoding threats, with its code being hijacked by different teams of con artists. The Kampret Ransomware is only one of the latest samples of Hidden Tear to come across malware experts' radar.

The Kampret Ransomware's name translates literally to 'bat' in Indonesian, although in slang usage the word also serves as an epithet. Despite the name its author chose for it, the Kampret Ransomware communicates with its victims in English. However, that text becomes visible only after the Trojan finishes damaging your local media for the purpose of holding it for ransom.

The Kampret Ransomware encrypts your local files, such as text documents, with the same AES-based ciphers that other variants of Hidden Tear use. The threat actor has also changed the extension that the Kampret Ransomware appends to each encrypted filename to '.lockednikampret,' which is unique to this Trojan.
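As an added defender-side triage example (not part of the original write-up and not the Trojan's code), the following Python walks a directory tree for files carrying the '.lockednikampret' suffix, tallies the original file types, and flags files whose size is not a multiple of the AES block size. The block-alignment check is a heuristic assumption, and the sample tree the script builds is constructed data, not real samples.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the Kampret Ransomware appends to every file it encrypts (from the write-up).
KAMPRET_EXT = ".lockednikampret"
AES_BLOCK = 16  # AES block size in bytes


def inventory_encrypted_files(root):
    """Walk `root` and collect files carrying the Kampret extension.

    Returns the affected paths, a count of original extensions (the part of the
    name before the appended suffix) and the paths whose size is not a multiple
    of the AES block size. With a block cipher and standard padding the
    ciphertext length is a multiple of 16, so an odd size suggests a file that
    was renamed but not actually encrypted (heuristic assumption, not from the page).
    """
    affected, odd_size, by_orig_ext = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(KAMPRET_EXT):
                continue
            path = Path(dirpath) / name
            original = name[: -len(KAMPRET_EXT)]
            by_orig_ext[Path(original).suffix.lower() or "(none)"] += 1
            affected.append(str(path))
            if path.stat().st_size % AES_BLOCK != 0:
                odd_size.append(str(path))
    return {"affected": sorted(affected),
            "by_original_ext": dict(by_orig_ext),
            "not_block_aligned": sorted(odd_size)}


def build_sample_tree():
    """Constructed sample data: three renamed files (sizes chosen by hand) plus one untouched file."""
    root = Path(tempfile.mkdtemp(prefix="kampret_triage_"))
    docs = root / "Documents"
    docs.mkdir()
    (docs / ("notes.txt" + KAMPRET_EXT)).write_bytes(b"\x00" * 32)    # block-aligned
    (docs / ("report.docx" + KAMPRET_EXT)).write_bytes(b"\x00" * 48)  # block-aligned
    (docs / ("photo.jpg" + KAMPRET_EXT)).write_bytes(b"\x00" * 21)    # not aligned
    (docs / "untouched.txt").write_bytes(b"plain text, never encrypted")
    return str(root)


if __name__ == "__main__":
    summary = inventory_encrypted_files(build_sample_tree())
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Point the function at a suspected user profile rather than the constructed tree to get an inventory of what needs restoring from backup; the script only reads file names and sizes and never modifies anything.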

Once it has blocked the files, the Kampret Ransomware places a Notepad message on the user's desktop, communicating its ransom demand of 0.5 Bitcoin and providing an e-mail address for any negotiation by the victim. This payment converts to roughly six hundred USD and, once paid, can't be refunded without the threat actor's permission, even if he doesn't provide a means of unlocking your encoded data.

Sending the Kampret Ransomware Back Off into the Night

The Kampret Ransomware operates in the hope that its victims will not have backups from which to recover their encrypted content, but it also may delete the Windows Shadow Copies or other local data recovery options. Because paying con artists for their decryption software or key can always backfire, anyone needing to unlock their files should first try the free Hidden Tear-based decryptors. External backups are still the strategy malware analysts can most endorse unreservedly for stopping file-encrypting threats like the Kampret Ransomware from inflicting long-lasting damage.

Because the Kampret Ransomware's campaign is new, little information is available for determining how it's distributing itself publicly. However, malware experts do confirm that some of the Kampret Ransomware executables are using fake extensions, with names implying that they're temporary files associated with the Facebook Web service. Con artists could propagate them with exploit kits in corrupted advertising content or a hacked site, bundle them into an unrelated download, or attach them to spam e-mails.

Anyone with even a small stake in the data saved on their PC should consider investing in both proven backup solutions and anti-malware products for eliminating the Kampret Ransomware before it can begin its encryption attacks. Waiting for symptoms to appear often makes it too late to recover the files that are already being held hostage by Bitcoin-hungry perpetrators.
