
Bitcoin Ransomware Education – Kriptovor

Whenever Bitcoin ransomware combined with an information stealer pops up on the radar of security experts, things become ugly pretty fast. Kriptovor definitely belongs in this category, as this type of malware is looking to collect a lot of financial information from Russian businesses. But they are not the only victims, as any company dealing with Russian clients is on the hit list as well.

Kriptovor Is A Modular Form of Bitcoin Ransomware

Bitcoin ransomware on its own is scary enough, but when the developer has the option to add more functionality and versatility over time, things are looking very dire for whoever is infected with Kriptovor. This modular approach had never been tested before, and this ransomware has gone through several iterations throughout the months it has been active.

Kriptovor originally started out as a malware intended to steal digital currency wallets. For example, Bitcoin users who store their coins on a computer have a “wallet”, which is saved in the form of a file in the computer system. What Kriptovor does is look for this file and its extension specifically, allowing hackers to steal bitcoins and other forms of digital currency without the user even noticing the theft.

As is the case with most forms of ransomware and malware, they are rather difficult for antivirus solutions to detect. Kriptovor is no exception in this regard, as it used evasive techniques and even cleaned up after itself when the damage had been inflicted on the computer. Moreover, this malware would try to determine the location of the user, indicating this infection was intended to affect specific regions, namely Russia.

Similar to just about every other Bitcoin ransomware ever created, Kriptovor spreads through infected email attachments. This Word or PDF document contains a binary file, which gives the attached malware the green light to start performing its malicious tasks. Information is logged and stolen, and files are encrypted shortly after.

What makes this particular malware so intriguing is how it immediately detects whether or not the computer is connected to the Internet. If this is not the case, Kriptovor will automatically uninstall itself from the host device and erase any traces. Moreover, the infected email attachment will be removed from the computer as well.

Once the encryption process of Kriptovor has taken place, the Bitcoin ransomware will also prevent the computer from going into standby mode. All shadow copies present on the computer are removed as well, preventing users from restoring file access with a backup. Last but not least, a ransom note is generated with instructions on how to proceed with the payment. Every infection was subject to a specific deadline to get in touch with the Kriptovor creator, as requests after that hard deadline date would be ignored.
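The behaviours described above (a document-delivered binary, wallet file access, shadow-copy removal, blocked standby) are individually noisy but telling in combination. The following is an added detection example, not code from this article or from FireEye: the event format, the sample events and the command-line patterns are assumptions, and the article does not say which mechanisms Kriptovor itself used.

```python
import re
from collections import defaultdict

# Patterns for common Windows utilities (assumed; not confirmed as Kriptovor's own).
DOC_READERS = {"winword.exe", "acrord32.exe"}
SHADOW = re.compile(r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b", re.I)
STANDBY = re.compile(r"\bpowercfg(\.exe)?\b.*standby-timeout-(ac|dc)\s+0\b", re.I)
WALLET = re.compile(r"\bwallet\.dat\b", re.I)

def classify(ev):
    """Map one process-creation event to the behaviour tags it exhibits."""
    tags = set()
    if ev["parent"].lower() in DOC_READERS and ev["image"].lower() not in DOC_READERS:
        tags.add("doc_spawned_process")
    if SHADOW.search(ev["cmdline"]):
        tags.add("shadow_copy_removal")
    if STANDBY.search(ev["cmdline"]):
        tags.add("standby_blocked")
    if WALLET.search(ev["cmdline"]):
        tags.add("wallet_file_access")
    return tags

def correlate(events, window=900, threshold=3):
    """Return {host: tags} for hosts with >= threshold distinct behaviours within window seconds."""
    hits = defaultdict(list)  # host -> [(time, tag), ...] in time order
    for ev in sorted(events, key=lambda e: e["time"]):
        for tag in classify(ev):
            hits[ev["host"]].append((ev["time"], tag))
    alerts = {}
    for host, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            tags = {tag for ts, tag in seq[i:] if ts - start <= window}
            if len(tags) >= threshold:
                alerts[host] = sorted(tags)
                break
    return alerts

def ev(host, time, parent, image, cmdline):
    return {"host": host, "time": time, "parent": parent, "image": image, "cmdline": cmdline}

# Constructed sample telemetry: PC-01 shows the chain, PC-02 is routine activity.
SAMPLE_EVENTS = [
    ev("PC-01", 0, "winword.exe", "invoice.exe", r"C:\Users\a\AppData\Local\Temp\invoice.exe"),
    ev("PC-01", 40, "invoice.exe", "cmd.exe", r"cmd.exe /c dir /s /b C:\Users\a\wallet.dat"),
    ev("PC-01", 300, "invoice.exe", "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    ev("PC-01", 310, "invoice.exe", "powercfg.exe", "powercfg -change -standby-timeout-ac 0"),
    ev("PC-02", 100, "explorer.exe", "powercfg.exe", "powercfg.exe /change standby-timeout-ac 0"),
    ev("PC-02", 5000, "winword.exe", "splwow64.exe", r"C:\Windows\splwow64.exe 8192"),
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring several distinct behaviours inside one time window keeps a lone administrator `powercfg` change or a normal Word helper process from raising an alert.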

Source: FireEye

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
