New ‘Keypass,’ a Highly Prolific Ransomware

Kaspersky Lab the security company has been analyzing one fresh ransomware strain called KeyPass, which according to the researchers, has a concealed feature that enables attackers to compromise a contaminated PC, thus indicating more sophisticated assaults are about to arrive. The compromise gives the attacker manual hold over the system, making the ransomware prolific during past few days, while especially attacking developing countries.

The countries which have been most hit with KeyPass are Brazil accounting for 19.51% of the assaults, Vietnam -14.63% and India -5-7%, among others.

KeyPass ransomware reflects quite the known characteristics. Once it fully infects the system it encrypts the entire number of files on that system while appends one added extension namely .KEYPASS to the already existing file-names.

Cyber security specialist Orkhan Mamedov from Kaspersky explains just as KeyPass executes assault against a computer system, it establishes a link with its C&C infrastructure to obtain the encryption code as well as the ID facilitating the contamination with respect to the host PC and its operator.

The malware serves one ransom note which is labeled EYPASS_DECRYPTION_INFO!!!.txt that's stored within the various processed directories. Normally the note draws the victim's attention by stating his files, databases, pictures, documents along with other vital files have been locked via encryption while the extensions to them are named KeyPass.

Moreover, the ransomware message asks to pay up money needed for the victim to buy software which would decrypt his locked files. A highly intriguing characteristic of KeyPass is that it can attain manual control over the target computer. The virus has one concealed form, by default, that becomes visible via hitting one of the keyboard's special buttons, says Mamedov.

The specialist further says that the manual hold over the host possibly lets the attacker do a customization of the encryption procedure via altering things like the ransom message's text and name, the encryption key and encrypted files' extensions.

Even the peers of Mamedov within the cyber-security community too observed that the new ransomware started proliferating widely during August. For its propagation, the malware relies on fake installers which pull down the ransom software onto the target computers.

» SPAMfighter News - 8/28/2018