Today’s Tech news: Kaspersky discovers the new Keypass ransomware feature


Kaspersky Keypass ransomware

A few days ago, a cybersecurity research team from Kaspersky Lab analyzed a new ransomware, ‘Keypass’, which is spreading quickly and affecting computers across the world, in South America, Africa, Europe, Asia and the Middle East. As per today’s tech news, the Keypass ransomware has now gained a new feature that allows hackers to deploy malicious code manually.

According to the security researchers, the Keypass ransomware is a variant of the STOP ransomware discovered in 2017. The Keypass ransomware contains a form that is hidden by default and can be accessed by pressing a specific button on the keyboard. When the malware enters the targeted machine, it copies executable code into a special folder, and the folder is then deleted automatically.

How the malware targets

Before the folder is deleted, the malware runs in other locations to encrypt files. To search for files, the Keypass ransomware first identifies the local drives and network shares accessible from the victim device. After that, the ransomware connects to the Command & Control server and sends the device ID and the encryption key. The malware then encrypts with the AES-256 cipher, adds a .KEYPASS extension to the personal data files, and also adds a ransom note to each affected folder. After completing this process, the hackers request $300 BTC from the victim within 3 days.

Source: ZDnet

If no internet connection is set up on the victim PC, the ransomware will still encrypt the data, and the data can then be recovered easily.
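The behaviour described above (a .KEYPASS extension on encrypted files and a note in each affected folder) can be turned into a quick triage scan. The following Python is an added example, not code from Kaspersky or the original article; the function names, the 64 KB size limit and the note file name in the sample tree are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

EXT = ".keypass"        # extension named in the article; matched case-insensitively
MAX_NOTE = 64 * 1024    # assumption: a ransom note is a small file

def triage(root):
    """Return ({folder: encrypted-file count}, [candidate note names])."""
    affected = {}
    seen = defaultdict(set)     # (name, sha256) -> folders holding that exact file
    for folder, _dirs, files in os.walk(root):
        hits = [f for f in files if f.lower().endswith(EXT)]
        if not hits:
            continue
        affected[folder] = len(hits)
        for name in set(files) - set(hits):
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) > MAX_NOTE:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue        # unreadable file: skip it, keep scanning
            seen[(name, digest)].add(folder)
    # A note written to each affected folder appears as the same name and
    # hash in all of them; one folder alone is not enough to tell.
    notes = sorted({name for (name, _), where in seen.items()
                    if len(affected) > 1 and len(where) == len(affected)})
    return affected, notes

def build_sample(root):
    """Constructed test tree; the note name is a placeholder, not the real one."""
    layout = {
        "docs": ["report.docx.KEYPASS", "NOTE-PLACEHOLDER.txt", "todo.txt"],
        "pics": ["cat.jpg.KEYPASS", "dog.jpg.keypass", "NOTE-PLACEHOLDER.txt"],
        "clean": ["untouched.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            body = b"constructed note text" if name.startswith("NOTE") else name.encode()
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Because the note is identified by being identical across every affected folder rather than by a fixed name, the scan still works if the note name or extension is changed; only `EXT` needs adjusting.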

Kaspersky said, “This feature would allow hackers to gain manual control over the malicious program. Also, hackers can change parameters of the malware remotely, including victim ID, file extension, name of the ransom note, context of the ransom note, encryption key, etc. This means that the size of the ransom will also change.”

As of now there is no solution to fix this problem, so users should beware before downloading or installing software from third-party sources.