A new variant of the KeyPass ransomware has been gaining traction in August and is using new techniques like manual control to customize its encryption process, researchers said Monday.
Researchers at Kaspersky Lab who posted about the trojan said that it is being propagated by means of fake installers that download the ransomware module.
KeyPass enumerates local drives and network shares accessible from the infected machine and searches for all files, regardless of their extension. It skips files located in a number of directories, the paths to which are hardcoded into the sample. Every encrypted file gets an additional extension: “.KEYPASS” and ransom notes named “”!!!KEYPASS_DECRYPTION_INFO!!!.txt”” are saved in each processed directory.
This form allows the attacker to customize the encryption process by changing such parameters as, encryption key, name of ransom note, text of ransom note, victim ID, extension of the encrypted files, and list of paths to be excluded from the encryption. Due to the ability of manual encryption, the criminal can easily change the price of the decryption
Security Recomendation:
Users can protect themselves from the KeyPass ransomware by always having backups, installing software only from the trusted sources, using only strong passwords for RDP access and using a reliable security solution.
When you need reliable, secure, and cost-competitive cloud backup, to protect your information assets, recover anytime and anywhere, Acronis cloud backup provide fast and robust solutions to make sure you have reliable backup. Acronis cloud backup solutions including Windows, Linux, MacOS for desktop and server. Website and applications like MS Exchange and also mysql database. Beside of it, Acronis cloud backup solution also support Android and IOS for mobile devices backup solution. We are from Far.id providing this complete solution with zero upfront costs and a pay-as-you-go business model.
Start protecting your data now !
Wednesday, August 15, 2018
Powered by WHMCompleteSolution
