Kryptonite Ransomware

What is Kryptonite Ransomware?

Our malware analysts have recently discovered a new ransomware-type computer infection that was dubbed Kryptonite Ransomware. This application was designed by cyber criminals to encrypt most of the files on your PC and then demand that you pay money to recover them. You can get it accidentally by installing a game, but not much is known about the nature of its distribution. Its encryption algorithm is regarded as very secure, so decrypting your files with a free third-party decryption tool might not work. However, paying the ransom is not an option either, as the features required to do that do not work. To learn more about this ransomware, please continue reading.

What does Kryptonite Ransomware do?

If Kryptonite Ransomware infects your computer, it will place its main executable called 1.exe in %APPDATA%. It will also place two image files named 1.jpeg and awsomeRansome.jpg. Furthermore, it will create a registry key at HKCU\SOFTWARE\security\Kryptonite. Once all files are in place, it will change the desktop image to awsomeRansome.jpg, which provides information on what has happened to your PC.

Once on your PC, Kryptonite Ransomware will begin encrypting your files. Our malware experts say that this ransomware is capable of encrypting many file formats that include .jpeg, .txt, .pdf, .jpg, .dat, .mx0, .cd, .pdb, .xqx, .old, .cnt, and many other file types. In fact, this ransomware is capable of encrypting nearly two hundred file formats. As a result, your precious pictures, videos, documents, and other valuable files can be permanently encrypted. Nevertheless, it does not encrypt files in all locations. It was set to skip many folders, particularly those that contain Windows files and programs. These locations include System32, Sample Music, Sample Pictures, Sample Videos, Sample Media, Templates, git, $SysReset, Temp, $Recycle Bin, $RECYCLE BIN, $WINDOWS, ~BT, Boot, cache2, and many others.

Researchers say that 1.exe has been configured to connect to a server at 52.225.217.31:27015. It generates a unique public encryption key that is stored locally on your PC and a private decryption key that is sent to the server. This ransomware was designed to use an RSA-2048 encryption algorithm that ensures strong encryption. The bad news is that once it has encrypted your files, you cannot do anything about it. This ransomware should also drop a file named getMyId.exe that you should run to get a unique user ID that you would probably have to enter on a website at http://adsgoogle.eastus2.cloudapp.azure{.}com:27030, but it does not, and the website above also does not work. Therefore, there is no way you can pay the ransom. Once the encryption is complete, it will drop a ransom note on the desktop named "Ransome Note.txt", which is a simple text file. Take note that the ransom payment is 500 USD, so the money might not be worth it even if you could pay it.

Where does Kryptonite Ransomware come from?

Our cyber security experts say that Kryptonite Ransomware is bundled with some snake-type computer game that you download and install. The installer is probably configured to inject this ransomware on your PC secretly. You may find this elusive game on some low-grade game download website. Unfortunately, there is not enough conclusive information to determine how this ransomware is distributed.

How do I remove Kryptonite Ransomware?

We hope that this article was useful and now you know the reason why you cannot pay the ransom, provided that your PC has been infected with Kryptonite Ransomware. A free decryption tool may be in the works by now, but we would not hold our breath as it may take a while. Therefore, in the meantime, you ought to remove this ransomware. You can use the manual removal guide featured below or get an anti-malware program such as SpyHunter to delete it for you.

Removal Instructions

  1. Hold down Win+E keys.
  2. Type %APPDATA% in the File Explorer’s address box and press Enter.
  3. Find 1.exe, 1.jpg, and awsomeRansome.jpg
  4. Right-click them and click Delete.
  5. Close File Explorer.

Delete the registry entries

  1. Hold down Win+R keys.
  2. Type regedit in the dialog box and hit Enter.
  3. Navigate to HKCU\Control Panel\Desktop
  4. Find WallPaper and right-click it.
  5. Click Modify and erase C:\Users\user name\AppData\Roaming\awsomeRansome.jpg from the value data line.
  6. Click OK.
  7. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
  8. Find BackgroundHistoryPath0, right-click it and click Modify.
  9. Erase C:\Users\user name\AppData\Roaming\awsomeRansome.jpg and click OK.
  10. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  11. Delete 㩣慜灰攮數
  12. Navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  13. Delete 㩣慜灰攮數
  14. Close the Registry Editor.
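
The files and registry entries named in this article can be checked in one pass before or after the manual steps. The following PowerShell script is an added example, not part of the original guide or of any vendor tool; it only reads and reports, and deletes nothing. It assumes the autorun value name shown in steps 11 and 13 is the ASCII bytes of c:\app.exe displayed as UTF-16 text, and builds the name that way so the script file stays plain ASCII.

```powershell
# Added example: read-only check for the Kryptonite indicators named in this article.
# Nothing is deleted; the output shows which removal steps still apply.
$findings = New-Object System.Collections.Generic.List[string]

# Files the article says are placed in %APPDATA% (it names both 1.jpeg and 1.jpg).
foreach ($name in '1.exe', '1.jpeg', '1.jpg', 'awsomeRansome.jpg') {
    $path = Join-Path $env:APPDATA $name
    if (Test-Path -LiteralPath $path) { $findings.Add("File present: $path") }
}

# Ransom note dropped on the desktop.
$note = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Ransome Note.txt'
if (Test-Path -LiteralPath $note) { $findings.Add("Ransom note present: $note") }

# Registry key created by the ransomware.
if (Test-Path -LiteralPath 'HKCU:\SOFTWARE\security\Kryptonite') {
    $findings.Add('Key present: HKCU\SOFTWARE\security\Kryptonite')
}

# Wallpaper values that still point at the ransom image.
$wallpaperValues = @(
    @{ Key = 'HKCU:\Control Panel\Desktop'; Name = 'WallPaper' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers'
       Name = 'BackgroundHistoryPath0' }
)
foreach ($v in $wallpaperValues) {
    $data = (Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
    if ($data -like '*awsomeRansome.jpg*') { $findings.Add("$($v.Key)\$($v.Name) = $data") }
}

# Autorun value name, built from bytes (assumption: ASCII 'c:\app.exe' read as UTF-16LE).
$runName = [Text.Encoding]::Unicode.GetString([Text.Encoding]::ASCII.GetBytes('c:\app.exe'))
foreach ($key in 'Run', 'RunOnce') {
    $regPath = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\$key"
    $item = Get-Item -LiteralPath $regPath -ErrorAction SilentlyContinue
    if ($item -and ($item.GetValueNames() -contains $runName)) {
        $findings.Add("Autorun value '$runName' present in $regPath")
    }
}

if ($findings.Count -eq 0) { 'No Kryptonite indicators from the article were found.' }
else { $findings }
```

Run it in a normal (non-elevated) PowerShell session as the affected user, since every location it checks is per-user (%APPDATA%, the desktop, and HKCU).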