Kraken Cryptor Ransomware

What is Kraken Cryptor?

Kraken Cryptor is a ransomware variant we often encounter in our lab. The most recent version, Kraken Cryptor 1.2, first appeared near the end of August 2018.

This can be a very dangerous ransomware virus to be infected with, since even its distributors appear to occasionally have difficulty decrypting the data successfully after receiving payment. Read on to learn more about this ransomware strain, how it spreads, what you can do to protect yourself, and who to turn to if you become infected.

Kraken Cryptor renames each file it encrypts using an eight-digit numerical pattern (for example, 00000001-lock, 00000002-lock, 00000003-lock, etc.) and appends the file extension “.onion” to each file. So, for example, a file titled “Tax Returns 2018.pdf” would become “00000000-lock.onion” if it is the first file to be encrypted.


How does Kraken Cryptor infect users?

Kraken Cryptor can be spread through many of the common methods of ransomware dissemination, such as malicious attachments in email spam and spearphishing campaigns, deceptive downloads on third-party software download and file-sharing websites, botnets, exploits, web injections, and fake software or operating system updates. It can also be spread to businesses and other organizations by attackers breaking in through unprotected RDP (Remote Desktop Protocol) connections during a cyber intrusion or data breach. The cyber criminals behind data breaches often install ransomware on their way out to cover up the rest of their criminal actions.

When Kraken Cryptor lands on your computer, it first checks the country of the PC user by IP address, the default input language, and the installed Windows language packs to guess at the nationality of the victim, and it is designed not to encrypt files if the user appears to be from certain countries. Whitelisted countries include Armenia, Azerbaijan, Belarus, Brazil, Estonia, Georgia, Iran, Kyrgyzstan, Kazakhstan, Lithuania, Latvia, Moldova, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan. The distributors of Kraken Cryptor claim to offer free decryption to any accidentally-infected users from Iran and countries of the former Soviet Union.

Upon infecting the victim’s PC, Kraken Cryptor adds itself to the registry and then deletes any Volume Shadow Copies it can find and disables Windows System Restore and system repair functions.

Kraken Cryptor ransom note: # How to Decrypt Files.txt

> What happened to my computer?

All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by KRAKEN CRYPTOR!

The speed, power and complexity of this encryption have been high and if you are now viewing this guide. It means that KRAKEN CRYPTOR immediately removed form your system!

No way to recovery your files without KRAKEN DECRYPTOR software and your computer UNIQUE KEY!

You need to buy it from us because only we can help you!

> What the mean is encryption?

In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it.

And those who are not authorized cannot.

> How can recover my files?

We guarantee that you can recover all your files soon safely.

You can decrypt one of your encrypted smaller file for free in the first contact with us.

For the decryption service, we also need your KRAKEN ENCRYPTED UNIQUE KEY you can see this in the top!

Are you want to decrypt all of your encrypted files? if yes! You need to pay for decryption service to us!

After your payment made, all of your encrypted files has been decrypted.

> How much is need to pay?

You need to pay (0.25 BTC), payment only can made as Bitcoins.

This links help you to understand whats is a Bitcoins and how it work:

https://en.wikipedia.org/wiki/Bitcoins

> How to obtain Bitcoins?

The easiest way to buy Bitcoins is LocalBitcoins website.

You must register on this site and click BUY Bitcoins then choose your country to find sellers and their prices.

https://localBitcoins.com/buy_Bitcoins

Other places to buy Bitcoins in exchange for other currencies:

https://Bitcoins.org/en/exchanges

> Attention

* DON’T MODIFY OR RENAME ENCRYPTED FILES!

* DON’T MODIFY KRAKEN ENCRYPTED UNIQUE KEY!

* DON’T USE THIRD-PARTY OR PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY!

* DON’T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY CANNOT DIRECT DECRYPT YOUR FILES AND CONTACT WITH US, THEY ARE MAY ADD EXTRA CHARGE!

> Additional

– Project KRAKEN CRYPTOR doesn’t damage any of your files, this action is reversible if you follow the instructions above.

– Also, our policy is obvious: NO PAYMENT! NO DECRYPT!, if you do not have the ability to pay, we review your terms.
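The two on-disk indicators this page describes (files renamed to an eight-digit counter plus “-lock” with the “.onion” extension, and the ransom note dropped as “# How to Decrypt Files.txt”) are easy to check for across a file share. The following Python script is an added example written for this page, not code from Tetra or from the malware analysis; it walks a directory tree and reports both indicators, and the sample directory it builds is constructed test data, not real artefacts. The seven-digit “near miss” file is included to show that the check matches only the exact pattern the page gives.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the page: encrypted files are renamed to an
# eight-digit counter followed by "-lock" and given the ".onion" extension,
# and the ransom note is written as "# How to Decrypt Files.txt".
LOCKED_NAME = re.compile(r"^\d{8}-lock\.onion$")
RANSOM_NOTE = "# How to Decrypt Files.txt"


def scan_tree(root):
    """Walk `root` and collect Kraken Cryptor indicators.

    Returns a dict with the sorted list of renamed files, the sorted list of
    ransom-note paths (both relative to `root`, POSIX separators) and an
    `infected` flag that is True when either indicator was seen.
    """
    root = Path(root)
    locked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if LOCKED_NAME.match(name):
                locked.append(rel)
            elif name == RANSOM_NOTE:
                notes.append(rel)
    locked.sort()
    notes.sort()
    return {"locked_files": locked,
            "ransom_notes": notes,
            "infected": bool(locked or notes)}


def build_sample_tree(root):
    """Create a constructed directory layout that mimics a hit share.

    Everything written here is placeholder sample data for the demo.
    """
    root = Path(root)
    (root / "Finance").mkdir(parents=True, exist_ok=True)
    # constructed: three renamed files and one note in the top level
    for i in range(3):
        (root / f"{i:08d}-lock.onion").write_bytes(b"\x00" * 16)
    (root / RANSOM_NOTE).write_text("constructed placeholder note\n")
    # constructed: a note in a subfolder next to an untouched file
    (root / "Finance" / RANSOM_NOTE).write_text("constructed placeholder note\n")
    (root / "Finance" / "Budget 2018.xlsx").write_bytes(b"PK\x03\x04")
    # constructed near miss: only seven digits, so it must not match
    (root / "0000001-lock.onion").write_bytes(b"\x00")
    return root


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    result = demo()
    print(f"infected={result['infected']}")
    for f in result["locked_files"]:
        print("locked file:", f)
    for n in result["ransom_notes"]:
        print("ransom note:", n)
```

Point `scan_tree()` at a mounted share or a forensic image mount instead of the temp directory to use it for real; a non-empty `ransom_notes` list from a host that is not otherwise known to be affected is the signal worth alerting on, since the note is dropped even in folders where nothing matched the rename pattern.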


How to decrypt Kraken Cryptor encryption

Unfortunately, there is no freely-available decryptor for this ransomware strain, and the encryption method it uses is fairly complex. There are multiple layers of AES, RSA, Salsa20, and RC4 encryption in place. All of the keys are securely generated and protected by a “session” key unique to each victim, which is itself protected by the developers’ master RSA key.

Worse still, there have been incidents where, due to the complexity and sheer number of ciphers involved, even the extortionists themselves have apparently had difficulty correctly decrypting the encrypted data.


How to protect yourself from Kraken Cryptor

  • Protect yourself from data breaches by using secure RDP and VPN connections and staying on top of spearphishing and email scams
  • Do not open email attachments if you do not know the sender
  • Do not open attachments from known senders until you confirm the person actually sent it
  • Keep your antivirus software and operating system up-to-date
  • Only download files and software from trusted sources, not third-party sites
  • Back up your data often and keep your backups in a secure, off-network location

I’m infected by Kraken Cryptor Ransomware – What do I do?

Tetra’s ransomware response and investigation services will thoroughly deal with your situation, doing everything from negotiating with the extortionists, if possible, to investigating your network for any other signs of intrusion. Since one of the vectors of this ransomware strain involves data breaches, there is a high likelihood that ransoming your data is the least of the hackers’ concerns.
