Kryptonite Ransomware
Posted: June 26, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 59 |
| First Seen: | June 26, 2017 |
| Last Seen: | April 18, 2018 |
| OS(es) Affected: | Windows |
The Kryptonite Ransomware is a Trojan that encrypts your files and asks you to pay money to recover them. The threat disguises itself as an ASCII-based 'Snake' game to distract the user while it locks local content, and its ransoming method is currently non-functional. The simplest way to restore your files is to keep backups that Trojans can't encrypt or delete, and updated anti-malware programs should remove the Kryptonite Ransomware immediately.
Playing Games with Unpredictable Consequences
Usually, threat actors depend on stealth as their best protection against having threatening software identified, quarantined, and removed before their attacks finish. A minority of incidents take other approaches, however, such as distracting the victim with a fake update screen or game. The latter is the choice of the Kryptonite Ransomware, a particularly unusual file-encrypting threat that entertains while attacking.
The Kryptonite Ransomware's file data suggests that it was an Israeli university student's pet project. The Trojan may be masquerading as the same game it initially uses as its distraction: Snake, a game where the player must avoid colliding with their own increasingly long tail.
Launching the Kryptonite Ransomware opens the text-based 'Snake' window. However, the window also doubles as the output for the Kryptonite Ransomware's encryption scan, so the text lines for the encrypted files merge with the game's interface. The encrypting attack launches in a matter of seconds and allows the Kryptonite Ransomware to block arbitrary file types, such as DOC or JPG, by changing their internal data with a cipher.
The Trojan also gives its victims a Notepad ransom note that asks for payment to decrypt and unlock their media. Unlike similar file-encrypting threats, the Kryptonite Ransomware doesn't change the filenames, even by adding extensions, which could substantially delay the victim's realization that their media isn't readable.
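Because the files keep their names, a triage sweep has to look at content instead of extensions. The Python sketch below is an added example, not part of the original write-up or any vendor tool: it flags files whose leading bytes no longer match their extension and whose content has near-random entropy. It assumes the encryption overwrites the file header, which the page does not confirm; the signature table, the 7.5 threshold and the sample files are constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

MAGIC = {  # expected leading bytes per extension (not exhaustive)
    ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".docx": b"PK\x03\x04",  # ZIP container
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; near 8.0 for ciphertext or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample_size=65536, threshold=7.5):
    """'ok', 'suspect' (bad header + high entropy), 'mismatch' or 'unknown'."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return "unknown"
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(MAGIC[ext]):
        return "ok"  # header checked first: valid DOCX/JPG are high-entropy too
    return "suspect" if shannon_entropy(head) >= threshold else "mismatch"

def scan(root):
    """Map each file under root with a known extension to its verdict."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict != "unknown":
                results[full] = verdict
    return results

def demo():
    """Constructed samples: intact JPG, renamed text file, ciphertext stand-in."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"intact.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
               "notes.jpg": b"plain text\n" * 50, "locked.doc": noise}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): v for p, v in scan(tmp).items()}
```

Running `scan()` over a user profile and comparing the `suspect` list against the last known-good backup shows which files need restoring even though their names are unchanged.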
Extracting a Snake from Your File System
Current versions of the Kryptonite Ransomware omit the ID-generating executable that victims need to receive the decryptor, which makes paying the ransom not just risky but guaranteed not to give any results. Although malware experts have yet to confirm whether the Kryptonite Ransomware is using an RSA-based attack (as its message asserts), free decryption is unavailable for now. Backups are always the most secure method of keeping your files from being damaged by encryption, deletion or renaming.
The Kryptonite Ransomware isn't the only Trojan to use games to hide its real features. Previous threats with similar disguises sometimes circulate by masking their installers as gaming software or by bundling with other programs. Downloading your files from trustworthy hosts and scanning suspicious content with security software can help you detect and remove mislabeled, corrupted files. Although detection rates for this Trojan are low, malware experts still recommend updating and running anti-malware scans to uninstall the Kryptonite Ransomware from an infected PC.
With the gaming industry booming and more products available at lower prices than ever, there's almost no reason to look for legally questionable gaming downloads. Stick to safe venues for your entertainment, and you'll be all the less likely to deal with ransoms from the Kryptonite Ransomware.