
KICK Ransomware

Posted: July 9, 2019

The KICK Ransomware is a file-locking Trojan that's an update of Dharma Ransomware – the dominant branch of Crysis Ransomware's family. The KICK Ransomware can block you from opening your PC's files by encrypting them and holds them for ransom with instructions that it delivers in assorted warning messages. A well-maintained backup and the presence of anti-malware tools should help most users with recovery or deleting the KICK Ransomware safely as it becomes necessary.

A Program that's a Real Kick in the Files

As the seasons change, so do Trojans, and a new version of the Dharma Ransomware is infecting victims' computers in the summer of 2019. The KICK Ransomware supplants spring's PLUT Ransomware, a fellow family member in the same region, although their relatives – such as the '.Bear File Extension' Ransomware, the '.cccmn File Extension' Ransomware, or the Arrow Ransomware – tend to ignore national boundaries. Its attacks differ only minimally from the immediately-preceding payloads of other campaigns from this family, which makes its money through Ransomware-as-a-Service methods.

Although the KICK Ransomware may use China-specific infection methods, such as mislabeling torrents as Chinese media content or games, its attacks include the usual AES-256 and RSA-1024 encryption. This feature locks files of non-system formats, such as archives or documents. The KICK Ransomware adds tags to the names of this content, consisting of an ID, its e-mail address, and the 'KICK' extension.
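A quick way to triage an affected system is to look at file names rather than file contents, since the tagging described above is visible without any decryption. The script below is an added example, not code from the original page or from any vendor; it assumes the tag layout `<original name>.id-<8 hex characters>.[<contact e-mail>].KICK`, which is an assumption about the order and format of the ID and e-mail parts, and the sample names it scans are constructed for the demonstration.

```python
import re
from pathlib import Path

# Assumed layout of a tagged file name (an assumption, not quoted from the page):
#   <original name>.id-<8 hex characters>.[<contact e-mail>].KICK
ENCRYPTED_NAME = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Fa-f]{8})\.\[(?P<email>[^\]]+)\]\.KICK$"
)


def parse_encrypted_name(name):
    """Return (original_name, victim_id, email) for a tagged name, or None otherwise."""
    m = ENCRYPTED_NAME.match(name)
    if not m:
        return None
    return m.group("original"), m.group("victim_id"), m.group("email")


def triage_names(names):
    """Summarise a list of file names: how many carry the tag, and which IDs and e-mails appear.

    Distinct IDs or e-mail addresses across one host are worth noting in an incident record,
    because they are the values the ransom note will tell the victim to quote.
    """
    hits = [p for p in (parse_encrypted_name(n) for n in names) if p]
    return {
        "tagged": len(hits),
        "untagged": len(names) - len(hits),
        "victim_ids": sorted({h[1] for h in hits}),
        "emails": sorted({h[2] for h in hits}),
        "originals": [h[0] for h in hits],
    }


def scan_directory(root):
    """Walk a directory tree and triage every file name found (names only; no contents are read)."""
    return triage_names([p.name for p in Path(root).rglob("*") if p.is_file()])


# Constructed sample names for an offline run; not real victim data.
SAMPLE_NAMES = [
    "budget-2019.xlsx.id-1A2B3C4D.[restore@example.invalid].KICK",
    "photo.jpg.id-1A2B3C4D.[restore@example.invalid].KICK",
    "report.docx",
    "notes.txt.id-ZZZZZZZZ.[restore@example.invalid].KICK",  # ID is not hex, so not matched
]

if __name__ == "__main__":
    print(triage_names(SAMPLE_NAMES))
```

Run `scan_directory(r"D:\\")` against a mounted image of the affected volume to get the same summary for a real file system; the `originals` list doubles as an inventory of what needs restoring from backup.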

Since the KICK Ransomware also issues a command-line instruction that erases the Shadow Volume Copy backups, its attack keeps the locked files hostage indefinitely. The Trojan capitalizes on the scenario with HTA or TXT ransom notes, which give the victim a ransom demand for the decryptor that reverses the 'locking' effect. Users should, if possible, keep backups of their media on other devices for a superior recovery solution.
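Because the shadow-copy deletion happens before the ransom note appears, a process-creation log is one of the earliest places a defender can catch this family. The detector below is an added example, not code from the original page; the page does not quote the exact command the KICK Ransomware runs, so the matched patterns are the well-known administrative commands that remove shadow copies (an assumption), the record format is a constructed `key=value|key=value` layout with field names borrowed from Sysmon's process-creation event, and the sample records are constructed for the demonstration.

```python
import re

# Command lines that remove or shrink Volume Shadow Copies. The page does not give the
# exact command the Trojan issues, so this list is an assumption based on the commonly
# documented ways of deleting shadow copies, each given a rule name for the alert.
SHADOW_DELETE_PATTERNS = [
    ("vssadmin delete shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin resize shadowstorage", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic shadowcopy delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin delete catalog", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog", re.I)),
]


def classify_command_line(cmd):
    """Return the name of the first matching rule, or None for a benign command line."""
    for name, rx in SHADOW_DELETE_PATTERNS:
        if rx.search(cmd):
            return name
    return None


def parse_event(line):
    """Parse one constructed 'key=value|key=value' process-creation record into a dict."""
    return dict(field.split("=", 1) for field in line.rstrip("\n").split("|"))


def detect(lines):
    """Return one alert per record whose command line matches a shadow-copy removal rule.

    The parent image is kept in the alert because an unusual parent (a binary in a user's
    Temp folder rather than an administrator's console) is what separates an attack from
    routine maintenance.
    """
    alerts = []
    for line in lines:
        ev = parse_event(line)
        rule = classify_command_line(ev.get("CommandLine", ""))
        if rule:
            alerts.append({
                "time": ev.get("UtcTime"),
                "parent": ev.get("ParentImage"),
                "rule": rule,
                "cmd": ev["CommandLine"],
            })
    return alerts


# Constructed sample records; paths and times are made up for the demonstration.
SAMPLE_EVENTS = [
    "UtcTime=2019-07-09 10:14:02|Image=C:\\Windows\\System32\\vssadmin.exe"
    "|ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe"
    "|CommandLine=vssadmin delete shadows /all /quiet",
    "UtcTime=2019-07-09 10:14:03|Image=C:\\Windows\\System32\\wbem\\WMIC.exe"
    "|ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe"
    "|CommandLine=wmic shadowcopy delete",
    "UtcTime=2019-07-09 10:20:00|Image=C:\\Windows\\System32\\vssadmin.exe"
    "|ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=vssadmin list shadows",
    "UtcTime=2019-07-09 10:21:00|Image=C:\\Windows\\System32\\notepad.exe"
    "|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=notepad.exe C:\\Users\\user\\Desktop\\note.txt",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The third record shows why the rules key on the verb: listing shadow copies is routine and must not alert, while deleting them from a process started out of a Temp folder is the pattern worth paging on.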

Backstepping a Hacker's Roundhouse

Remote Desktop vulnerabilities are an avenue that threat actors use for compromising Web servers and taking them hostage. However, administrators can implement countermeasures that make these attacks less effective or entirely impotent. 2FA, strong passwords, disabling RDP when it's not necessary, and avoiding default settings for your ports and firewall rulesets will improve your defenses.

Other victims may compromise their PCs through e-mail-based interactions. Spam and phishing messages associated with file-locker Trojans can pretend that they're billing alerts, messages from office equipment or fellow employees, or news articles. Many of these exploits use macros, which Microsoft Office programs keep disabled unless the user enables them.

Anti-malware products from most vendors should block any installation exploits related to this threat. Although they can remove the KICK Ransomware afterward, as well, doing so doesn't recover any blocked media.

As another blow struck in the war against users' files, the KICK Ransomware is violence via software. The fact that the target is data, instead of one's physical body, hardly makes it any more peaceful.
