Ransomware virus named KryptoLocker has been reported by malware researchers to use a strong AES-256 encryption algorithm to encrypt files of infected computers. The virus is based on the notorious HiddenTear ransomware project which is available for free online. Users may see a ransom note either asking them to contact an e-mail address to pay a hefty ransom fee in Bitcoins (usually somewhere between 500 and 1000 US dollars). Even though the files can no longer be opened, experts advise users NOT to pay any ransom money since it is no guarantee of getting the files back. Also, users are advised to try removing the ransomware and restoring the files, more information for which you can find if you read this article.
|Short Description||KryptoLocker encrypts users’ files with a strong AES-256 cipher and asks ransom money for decryption.|
|Symptoms||The user may witness ransom messages and “instructions” which may link to a web page and e-mail with further payment instructions.|
|Detection Tool|| See If Your System Has Been Affected by KryptoLocker |
Malware Removal Tool
|User Experience||Join our forum to Discuss KryptoLocker Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
KryptoLocker Ransomware’s Spreading Methods
In order to infect the maximum amount of victims, KryptoLocker may use mass spambot campaigns which include a huge web list of e-mail addresses and spread messages which may contain the following:
- Malicious web links.
- Malicious e-mail attachments.
The malicious URLs may be featured in e-mails that are convincing the user to click on them, for example:
The malicious files may be masked as Microsoft Office documents or Adobe Reader documents as well as other files, for example:
- Confirmation letter.docx.exe
- Bank Transaction Summary.pdf.exe
They may also appear to be legitimate documents, but may contain malicious macros.
More Information About KryptoLocker Ransomware
As soon as the malicious file is opened, it may scan for the following information on the targeted computer:
- Operating system.
- Security software.
- What programs are installed.
After this, it may drop the ransomware’s payload on one or more folders. The payload may have files of the following types:
The malicious files may be responsible for different settings and one of them may be the encryption program which may run every time when you start Windows. This is most likely done by another file which may execute a script that creates values In the following registry key:
After the encryptor runs it may encrypt a variety of file extensions, usually in between 100 and 200. KryptoLocker ransomware primarily looks for:
- Audio files.
- Microsoft Office documents.
- Adobe documents.
- Other types of files associated with programs that are used often.
After this, it encrypts the discovered files with a very strong AES-256 cipher and makes them unopenable. After encrypting the files, the virus may also execute the following command to terminate all shadow copies and file history from the compromised computer:
KryptoLocker Ransomware – Conclusion, Removal and File Decryption Info
The bottom line for KryptoLocker is that it is nothing like the much older CryptoLocker. The virus is based on the HiddenTear project and the people behind it mean business. One indicator for that is the strong encryption and the fact that Hidden Tear has been the source of a lot of dangerous viruses, like Strictor, Sanction Ransomware and many many others.
If you wish to remove KryptoLocker Ransomware virus, we strongly advise you to follow the instructions below. They are designed so that they might assist you in removing KryptoLocker with maximum effectiveness. In case you cannot find and manually delete all files associated with the KryptoLocker virus, we urge you to use an advanced anti-malware program. This is because experts consider such software fully capable of removing ransomware threats like KryptoLocker and it also protects your computer from future threats.
To decrypt files which are encoded by KryptoLocker, unfortunately there is no solution at the moment, because this virus – encoder is rather new. However, experts are looking into it and as soon as there is a decryptor we will notify you. In the meantime you may want to try and restore your files using some of the alternative methods illustrated in step “3. Restore files encrypted by KryptoLocker” below.
Manually delete KryptoLocker from your Mac
Automatically remove KryptoLocker from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as KryptoLocker, the recommended way of eliminating the threat is by using an anti-malware program. Combo Cleaner offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.