Bitcoin Ransomware Education – Kriptovor

Whenever Bitcoin ransomware combined with an information stealer pops up on the radar of security experts, things become ugly pretty fast. Kriptovor definitely belongs in this category, as this type of malware is looking to collect a lot of financial information from Russian businesses. But they are not the only victims, as any company dealing with Russian clients is on the hit list as well.

Kriptovor Is A Modular Form of Bitcoin Ransomware

Bitcoin ransomware on its own is scary enough, but when the developer has the option to add more functionality and versatility over time, things look very dire for whoever is infected with Kriptovor. This modular approach had never been tested before, and this ransomware has gone through several iterations throughout the months it has been active.

Kriptovor originally started out as malware intended to steal digital currency wallets. For example, Bitcoin users who store their coins on a computer have a “wallet”, which is saved as a file on the computer system. Kriptovor looks for this file and its extension specifically, allowing hackers to steal bitcoins and other forms of digital currency without the user even noticing the theft.

As is the case with most forms of ransomware and malware, it is rather difficult for antivirus solutions to detect. Kriptovor is no exception in this regard, as it used evasive techniques and even cleaned up after itself once the damage had been inflicted on the computer. Moreover, this malware would try to determine the location of the user, indicating this infection was intended to affect specific regions, namely Russia.

Similar to just about every other Bitcoin ransomware ever created, Kriptovor spreads through infected email attachments. This Word or PDF document contains a binary file, which gives the attached malware the green light to start performing its malicious tasks. Information is logged and stolen, and files are encrypted shortly after.

What makes this particular malware so intriguing is how it immediately detects whether or not the computer is connected to the Internet. If this is not the case, Kriptovor will automatically uninstall itself from the host device and erase any traces. Moreover, the infected email attachment will be removed from the computer as well.

Once the encryption process of Kriptovor has taken place, the Bitcoin ransomware will also prevent the computer from going into standby mode. All shadow copies present on the computer are removed as well, preventing users from restoring file access with a backup. Last but not least, a ransom note is generated with instructions on how to proceed with the payment. Every infection was subject to a specific deadline to get in touch with the Kriptovor creator, as requests after that hard deadline date would be ignored.
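Defenders can watch for the shadow copy removal described above in process-creation logs. The following Python example is added here and is not code from the article or from the cited source; the article does not say which mechanism Kriptovor uses, so the three patterns (vssadmin, wmic, PowerShell WMI), the event field names and the sample events are assumptions constructed for illustration.

```python
import re

# Built-in Windows utilities commonly used to delete Volume Shadow Copies.
# Assumption: the article does not say which mechanism Kriptovor uses.
PATTERNS = {
    "vssadmin delete shadows": re.compile(
        r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "wmic shadowcopy delete": re.compile(
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b"),
    "powershell Win32_ShadowCopy delete": re.compile(
        r"win32_shadowcopy.*(\.delete\(\)|remove-wmiobject|remove-ciminstance)"),
}

def normalize(command_line):
    """Lower-case, drop double quotes and collapse whitespace before matching."""
    return " ".join(command_line.lower().replace('"', "").split())

def find_shadow_copy_deletion(events):
    """Return (time, host, rule) for each event whose command line matches."""
    hits = []
    for event in events:
        cmd = normalize(event["CommandLine"])
        for rule, pattern in PATTERNS.items():
            if pattern.search(cmd):
                hits.append((event["UtcTime"], event["Computer"], rule))
                break  # one alert per process-creation event
    return hits

# Constructed sample events; field names follow Sysmon process-creation logs.
SAMPLE_EVENTS = [
    {"UtcTime": "2000-01-01 09:14:02", "Computer": "ACCT-PC01",
     "CommandLine": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"UtcTime": "2000-01-01 10:02:11", "Computer": "ACCT-PC02",
     "CommandLine": "wmic.exe shadowcopy delete /nointeractive"},
    {"UtcTime": "2000-01-01 10:30:40", "Computer": "IT-ADMIN01",
     "CommandLine": "vssadmin list shadows"},  # benign inventory query
    {"UtcTime": "2000-01-01 11:12:09", "Computer": "ACCT-PC03",
     "CommandLine": 'powershell -c "Get-WmiObject Win32_ShadowCopy | '
                    'ForEach-Object { $_.Delete() }"'},
]

if __name__ == "__main__":
    for when, host, rule in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"{when} {host}: shadow copy deletion via {rule}")
```

Because backups stored as shadow copies are gone once such a command succeeds, an alert like this is most useful when paired with offline or off-host backups.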

Source: FireEye

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
