Security experts have recently been battling a new and powerful ransomware, which has been identified as a new variant of Kraken Cryptor Ransomware. It goes by the name Kraken Cryptor 2.0.5 Ransomware and began surfacing in October 2018.
Like the original, the newer variant is a serious threat to businesses. It shows the usual ransomware behaviour of entering a system stealthily through distribution strategies such as spam email campaigns and freeware. Its distinguishing characteristics include the following:
- Uses the TOR network to secure its contents.
- Places a file titled “Instructions.txt” on the desktop, which serves as the ransom note.
- Is potent enough to encrypt all types of data formats and lock different files.
- Appends a .JLQUF extension to the end of the affected files, rendering them inaccessible.
- Applies encryption through a combination of AES and RSA, which are standard but extremely powerful cryptographic algorithms.
- So far, the common attribute in these cases is the Windows OS.
The ransom note from Kraken Cryptor 2.0.5 Ransomware opens by naming the ransomware, which informs users of the breach and that their data has been locked. They are then pressed to comply in order to have the ransomware removed. For successful removal, the note promises a decryption key, which it calls the “KRAKEN ENCRYPTED UNIQUE KEY”. In exchange for the key, which is promoted as the only tool that can remove the ransomware, the note demands a ransom of 0.075 BTC.
Moreover, the attackers ask their victims to initiate communication with them as soon as possible via the given email address. The initial deadline for the ransom payment is one week. Failure to comply with the demand leads to a bigger demand in the future. The letter ends with one last threat to pay the ransom.
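
The file-level traits listed above (the .JLQUF extension, the “Instructions.txt” note and the “KRAKEN ENCRYPTED UNIQUE KEY” label) can be turned into a quick triage check for a mounted disk or share. The following is an added example, not code from any vendor or from the original article; the directory tree, file names other than those three indicators, and the assumption that the note is UTF-8/ASCII text are constructed for the demonstration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".jlquf"                      # extension named in the article
NOTE_NAME = "instructions.txt"                # ransom note file name from the article
NOTE_MARKER = "KRAKEN ENCRYPTED UNIQUE KEY"   # key label the note is said to use


def triage(root):
    """Return (encrypted, confirmed_notes, lookalike_notes) found under root."""
    encrypted, confirmed, lookalikes = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            elif name.lower() == NOTE_NAME:
                # "Instructions.txt" is a common name, so only the marker
                # string ties a file to this family. Assumes a UTF-8/ASCII note.
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536)
                except OSError:
                    text = ""  # unreadable: report as unconfirmed
                bucket = confirmed if NOTE_MARKER in text.upper() else lookalikes
                bucket.append(path)
    return sorted(encrypted), sorted(confirmed), sorted(lookalikes)


def build_sample(root):
    """Write a constructed directory tree (not real victim data) for the demo."""
    files = {
        "Users/alice/Desktop/Instructions.txt": "... KRAKEN ENCRYPTED UNIQUE KEY ...",
        "Users/alice/Documents/budget.xlsx.JLQUF": "constructed ciphertext",
        "Users/alice/Pictures/cat.jpg.jlquf": "constructed ciphertext",
        "Users/alice/Documents/notes.txt": "untouched file",
        "Tools/Instructions.txt": "Installer instructions, unrelated to any note",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes, odd = triage(tmp)
        print(f"{len(enc)} encrypted, {len(notes)} ransom notes, {len(odd)} lookalikes")
```

Run it read-only against a forensic image or snapshot rather than the live host, and treat the list of encrypted paths as the scope for restore planning.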