KCTF Locker Ransomware

Posted by Sarah Stewart on October 11, 2018

What is KCTF Locker Ransomware?

We could not call KCTF Locker Ransomware a real threat because research has revealed that it has been developed for a competition. Specifically speaking, someone has developed it for the CyberSecurity Capture The Flag event. It was not distributed by cyber criminals at the time of analysis. We do not know whether this threat will ever be used as a tool to obtain money from users, but we still want you to know about it. Theoretically, new ransomware infections might be developed on its source code, or crooks might borrow this threat, update it a little, and then start distributing it with the intention of obtaining money. It does not really matter which version of this threat you encounter because you cannot keep any malicious application installed on your computer. Even the tiniest infection must be deleted from the system right away because you cannot know what it will evolve into. If nothing changes, it will be a piece of cake to remove this program from the system. Unfortunately, no files will be unlocked if they have already been encrypted no matter you delete KCTF Locker Ransomware manually or scan your system with an antimalware scanner to clean it. test test

What does KCTF Locker Ransomware do?

The original version of KCTF Locker Ransomware has not been developed to cause problems to users; however, cyber criminals might still start distributing it actively one day. They might also create new infections on the source code of this ransomware infection. If you have encountered the version of KCTF Locker Ransomware that has encrypted all your personal files, there is not much you can do. Yes, you will probably be offered to purchase the special decryptor from cyber criminals, but this is definitely not what you should do. The original KCTF Locker Ransomware version opens a window with a message demanding 10 Bitcoin, but we suspect that cyber criminals will change the amount of money indicated if they ever start distributing this malicious application because nobody is going to pay 10 Bitcoin (~65 875 USD) for the decryption tool. It should be emphasized that the initial version of KCTF Locker Ransomware that was developed for the competition was not set to lock personal files even though it demands a ransom. The ransomware infection tried to find only one file with the .dwg extension at the time of analysis. Of course, its modus operandi will be slightly changed if cyber criminals ever start distributing it.

Where does KCTF Locker Ransomware come from?

As mentioned, KCTF Locker Ransomware has been developed for the competition. As a consequence, it was not distributed by cyber criminals at the time of research. Of course, everything might change in the near future, so you should not forget how ransomware infections are usually spread – this knowledge should help you to protect your system against crypto-malware. According to security specialists, ransomware infections are mainly spread via malicious email attachments, but it does not mean that they cannot be promoted in a different way. It is also believed that malicious software might be dropped on the user’s computer if the RDP connection is successfully hacked. Last but not least, users can, undoubtedly, download malware from the web themselves. The original version of KCTF Locker Ransomware displays a warning (“This is a program written as a part of CTF task. But it can be harmful for your computer. Choose Cancel to exit. If you are OK, press OK”) once launched, but cyber criminals should remove it if they update it/build new ransomware for money extortion on its source code. In such a case, the presence of a bunch of encrypted files will probably be the first symptom that will show you that the entrance of KCTF Locker Ransomware was successful.

How to remove KCTF Locker Ransomware

There is nothing clever about keeping malware active on the system, so no matter KCTF Locker Ransomware has locked your files or not, delete it right away if you have encountered it. If you somehow encounter exactly the same version of the ransomware infection analyzed by our researchers, you will eliminate it by simply closing the window opened on your screen and deleting the opened file, aka the ransomware launcher. A reputable antimalware tool will automatically delete KCTF Locker Ransomware for you as well without difficulty.