Education

Bitcoin Ransomware Education – Kriptovor

Whenever a Bitcoin ransomware combined with an information stealer pops up on the radar of security experts, things are becoming ugly pretty fast. Kriptovor definitely belongs in this category, as this type of malware is looking to collect a lot of financial information Russian businesses. But they are not the only victims, as any company dealing with Russian clients is on the hit list as well.

Kriptovor Is A Modular Form of Bitcoin Ransomware

Bitcoin ransomware on its own is scary enough, but when the developer has the option to add more functionality and versatility over time, things are looking very dire for whoever is infected with Kriptovor

. This modular approach had never been tested before, and this ransomware has gone through several iterations throughout the months it has been active.

Kriptovor originally started out as a malware intended to steal digital currency wallets. For example, Bitcoin users who store their coins on a computer have a “wallet”, which is saved in the form of a file in the computer system. What Kriptovor does is look for this file and its extension specifically, allowing hackers to steal bitcoins and other forms of digital currency without the user even noticing the theft.

As is the case with most forms of ransomware and malware, they are rather difficult to detect for antivirus solutions. Kriptovor is no exception in this regard, as it used evasive techniques and even cleaned up after itself when the damage had been inflicted on the computer.Moreover, this malware would try and determine the location of the user, indicating this infection was intended to affect specific regions, namely Russia.

Similar to just about every other Bitcoin ransomware to ever be created, Kriptovor spreads through infected email attachments This Word or PDF document contains a binary file, which gives the attached malware the green light to start performing its malicious tasks. Information is being logged and stolen, and files are encrypted shortly after.

Related Post

What makes this particular malware so intriguing is how it immediately detects whether or not the computer is connected to the Internet. If this is not the case, Kriptovor will automatically uninstall itself from the host device and erase any traces. Moreover, the infected email attachment will be removed from the computer as well.

Once the encryption process of Kriptovor has taken place, the Bitcoin ransomware will also prevent the computer from going into standby mode. All shadow copies present on the computer is removed as well, preventing users from restoring file access with a backup. Last but not least, a ransom note is generated with instructions on how to proceed with the payment. Every infection was subject to a specific deadline to get in touch with the Kriptovor creator, as requests after that hard deadline date would be ignored.

Source: FireaEye

Images credit 1.2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

2 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

2 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

2 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

2 hours ago

Is XRP About to Explode? How Trump’s Victory Is Affecting XRP Price Amidst JetBolt Growth

Ripple’s XRP showed a 68% price increase in the last 7 days following Trump's victory,…

2 hours ago

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

5 hours ago