Kriptor Ransomware Asks for Bitcoin Ransom


Yet another strain of file-encrypting malware was spotted in the wild. The newest strain is called the Kriptor ransomware.

The Kriptor ransomware will encrypt almost every file on a system, leaving files essential to the operation of the OS intact. Affected files that do get encrypted include most media extensions, archive files and databases, as well as all documents. Once encrypted, the files receive the new ".Kriptor" extension, appended after their original one.

This means that a file that was previously called "document.rtf" will turn into "document.rtf.Kriptor" once it has been scrambled by the ransomware.

The ransom note asks for no specific amount of money but mentions that payment is expected to be in Bitcoin. The note is deposited inside a plain text file named "read_it.txt", which is placed on the desktop.

The full contents of the ransom note are as follows:

Don't worry, you can return all your files!

All your files like documents, photos, databases and other important are encrypted

What guarantees do we give to you?

You can send 3 of your encrypted files and we decrypt it for free.

You must follow these steps To decrypt your files :   

Write on our e-mail ( In case of no answer in 24 hours check your spam folder

or write us to this e-mail:

Obtain Bitcoin (You have to pay for decryption in Bitcoins.

After payment we will send you the tool that will decrypt all your files.)

July 25, 2022