Ransomware is still the biggest software security threat out there. It targets everyone, big and small, and it can cripple individuals, businesses and government offices around the world.
In fact, some ransomware attacks can be so severe that employees turn to old-school equipment like typewriters and calculators!
As we keep telling you, one thing about ransomware that’s so appealing to cybercriminals, aside from its profitability, is its adaptability. It’s constantly evolving, as cybercriminals change their code to suit their needs and to elude security software. For example, a newly discovered campaign that’s rapidly spreading now lets the attacker modify the ransomware on the fly!
Read on and learn what this ransomware is all about so you can stop it in its tracks before it hits you.
“KeyPass” ransomware campaign
A new campaign for the ransomware variant called KeyPass (not to be confused with the legitimate password manager KeePass) has been spotted. Aside from locking users out of their files, it looks like it’s planting the seeds for more sophisticated attacks in the future.
KeyPass first appeared on August 8 and has claimed hundreds of victims in more than 20 countries so far.
It’s still not known how KeyPass is being spread, but according to Bleeping Computer, the ransomware appeared after the victims downloaded and installed software key cracks from the internet. However, other victims are saying that KeyPass appeared on its own without user interaction.
Security researchers at Kaspersky Lab noted that while the ransomware is simple in its execution, it contains an option for its authors to manually take control of an infected computer and then launch more complex attacks on the victim’s network.
KeyPass itself also includes a way for the attackers to customize the encryption process, including the encryption key, the ransom note, and the encrypted file extension. Bad news all around!
The ransom note
Currently, the KeyPass ransom note indicates that “All your files, documents, photos, databases and other important files are encrypted and have the extension .KEYPASS.”
It also tells the victim that the only way to recover the encrypted files is to purchase the decryption software and the unique private key for $300 within the first 72 hours of the infection. This suggests that if the victim doesn’t contact the provided email address for further instructions within that time period, the ransom amount will increase.
How to protect yourself against KeyPass
Since there are no free public decryption keys for KeyPass yet, it is currently impossible to recover a victim’s files without the private keys. In most cases, it is not recommended that you pay the ransom, since there is no guarantee that the cybercriminals will fulfill their end of the bargain and successfully unlock your files.
Your best bet against a total disaster is to have a complete and reliable backup of your files (such as our sponsor IDrive).
Additionally, no one knows for sure how KeyPass is being distributed, so it’s important that you remain proactive to guard against malware in general.
Don’t download and install software from unknown sources, and beware of so-called software key crackers and pirated programs, which are illegal on their own anyway.
Attackers may also be exploiting Remote Desktop Protocol (RDP), remote-access software that, when abused, lets them secretly control a victim’s computer. (This explains why some users claim that the ransomware magically appeared on its own.)
If you’re using RDP to access your computer remotely, make sure it is not directly exposed to the internet: use a VPN service to conceal it.