Kmrox Ransomware is a Phobos Family Member

During the examination of new file sample submissions, our researchers came across another variant of Phobos ransomware called Kmrox. Kmrox is ransomware: malware designed to encrypt data and demand payment for its decryption.

On our testing system, Kmrox encrypted files and modified their names. Each original file name was extended with a unique ID assigned to the victim, the cybercriminals' email address, and a ".kmrox" extension. For instance, a file originally named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3489].[exezez@blaze420.it].kmrox", and so forth. Afterwards, ransom notes were dropped as a pop-up window ("info.hta") and a text file ("info.txt").
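The rename scheme above (original name, then ".id[victim ID]", then ".[attacker email]", then the variant's extension) is shared across the Phobos family and is the quickest way to triage a file listing after an incident. The following parser is an added example for this write-up, not code from the researchers or from the malware; the only page-derived value is the quoted "1.jpg" file name, while the other paths in SAMPLE_LISTING are constructed. It extracts the victim ID, contact email and extension from each name, flags the "info.hta" / "info.txt" notes, and ignores names that merely end in ".kmrox" without the id/email block, so it generalises to other Phobos clones that use a different final extension.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Phobos-style rename as observed on Kmrox:
#   <original name>.id[<8 hex>-<4 hex>].[<attacker e-mail>].<extension>
# The victim id and e-mail are captured so a responder can pivot on them.
PHOBOS_NAME_RE = re.compile(
    r"^(?P<original>.+?)"                                    # original name, inner dots kept
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"  # .id[XXXXXXXX-XXXX]
    r"\.\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]"                # .[contact e-mail]
    r"\.(?P<extension>[A-Za-z0-9]+)$"                        # .kmrox or another clone's tag
)

# Ransom note file names dropped by Kmrox (taken from the write-up above).
RANSOM_NOTE_NAMES = frozenset({"info.hta", "info.txt"})


@dataclass(frozen=True)
class PhobosName:
    original: str
    victim_id: str
    email: str
    extension: str


def _basename(path: str) -> str:
    # Accept both Windows and POSIX separators so exported listings parse either way.
    return re.split(r"[\\/]", path)[-1]


def parse_phobos_name(path: str) -> Optional[PhobosName]:
    """Return the parsed components if the name follows the Phobos rename scheme, else None."""
    m = PHOBOS_NAME_RE.match(_basename(path))
    if m is None:
        return None
    return PhobosName(
        original=m["original"],
        victim_id=m["victim_id"].upper(),   # normalise case so IDs compare equal
        email=m["email"].lower(),
        extension=m["extension"].lower(),
    )


def triage_listing(paths: Iterable[str]) -> dict:
    """Summarise a directory listing: encrypted files, ransom notes, and indicators to pivot on."""
    encrypted = []
    notes = []
    for p in paths:
        parsed = parse_phobos_name(p)
        if parsed is not None:
            encrypted.append(parsed)
        elif _basename(p).lower() in RANSOM_NOTE_NAMES:
            notes.append(p)
    return {
        "encrypted_count": len(encrypted),
        "victim_ids": sorted({e.victim_id for e in encrypted}),
        "emails": sorted({e.email for e in encrypted}),
        "extensions": Counter(e.extension for e in encrypted),
        "ransom_notes": sorted(notes),
        "originals": [e.original for e in encrypted],
    }


# Constructed sample listing: the first entry is the name quoted in the write-up, the rest are made up.
SAMPLE_LISTING = [
    r"C:\Users\victim\Pictures\1.jpg.id[9ECFA84E-3489].[exezez@blaze420.it].kmrox",
    r"C:\Users\victim\Documents\report.docx.id[9ECFA84E-3489].[exezez@blaze420.it].kmrox",
    r"C:\Users\victim\Documents\archive.tar.gz.id[9ECFA84E-3489].[exezez@blaze420.it].kmrox",
    r"C:\Users\victim\Documents\info.hta",
    r"C:\Users\victim\Documents\info.txt",
    r"C:\Users\victim\Documents\photo.kmrox",   # no id/email block: not the Phobos scheme
    r"C:\Users\victim\Documents\notes.txt",
]

if __name__ == "__main__":
    for key, value in triage_listing(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```

Feeding a real listing (for example the output of a recursive directory walk on the affected host) into triage_listing gives the set of victim IDs and contact addresses in one pass; a second victim ID in the same listing is a useful signal that the host was hit by more than one infection or more than one affiliate.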

The ransom messages from Kmrox state that the files are inaccessible because they have been encrypted. The notes claim that the only way to recover the files is to purchase the decryption key and software from the cybercriminals. Payment is demanded in Bitcoin, but the exact amount is not stated; the notes only say that the price depends on how quickly the victim makes contact.

The victim is also given the option of a complimentary decryption test (within specific parameters). The notes conclude with warnings against altering the encrypted data and seeking assistance from third parties.

Kmrox Uses a Lengthy Ransom Note

The complete text of the Kmrox ransom note reads as follows:

All your files have been encrypted!

At the moment there is no way to decrypt the data, except to request from us a decryptor and a key with which you will recover all your data.
If you want to restore them, write to us by email: exezez@blaze420.it
Write this ID in the title of your message -
For quick and convenient feedback, write to the online operator in the Telegram messenger: @exezaz
(Be careful when entering the Telegram account name, it must be exactly the same as above, beware of fake accounts.)
Also, from some mail services, your letter may not reach or get into spam, so to increase the likelihood of receiving a quick response, also duplicate your letters to our spare email addresses: helze@cyberfear.com and exezaz@msgden.com
Payment for decryption is made in bitcoins. In order to find out the price, write to the above contacts. The sooner you contact us, the lower the price will be. After payment, we will send you a tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)

How to obtain Bitcoins
You can buy Bitcoin in any place convenient for you, a beginner's guide is here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/

Attention!
To get guaranteed help in decrypting your files, please contact only the contacts listed in this note, because at the moment there are many scammers who,
under the pretext that they can decrypt your data, request a free decryption through us and pass it off as a demonstration that they can decrypt your files.
Remember that the key for decrypting files is individual in each individual case, so you will not be able to decrypt your files yourself using third-party software, it will only spoil your files.
If you want to communicate through an intermediary, then check the price with our operator in advance, since intermediaries often wind up the real price. !!! When contacting third parties,
we do not guarantee the decryption of your files!!!
Also, to avoid problems with decryption, do not rename your files.

What is the Phobos Ransomware Family of Clones?

The Phobos ransomware family consists of a group of ransomware variants that share similar characteristics and methods of operation. These variants are often referred to as "clones" because they are believed to be derived from the same original source code or share a common framework. The Phobos ransomware family is known for encrypting victims' files and demanding a ransom for their decryption.

The Phobos ransomware variants typically exhibit the following characteristics:

  • File Encryption: Like most ransomware, Phobos variants encrypt victims' files using strong encryption algorithms, making the files inaccessible without a decryption key.
  • Ransom Notes: Phobos ransomware creates ransom notes that inform victims of the encryption and provide instructions on how to pay the ransom to obtain the decryption key.
  • Email Contacts: The ransom notes usually include email addresses that victims can use to contact the attackers for further instructions on payment and decryption.
  • Unique Extensions: Phobos variants often append unique extensions to encrypted files, making them easily identifiable. These extensions are usually a combination of random characters or identifiers.
  • Bitcoin Payments: The ransom is typically demanded in cryptocurrency, particularly Bitcoin, because its pseudonymous nature makes payments harder to trace.
  • Variability in Ransom Amounts: Different variants of Phobos ransomware may have varying ransom amounts, often depending on factors such as the victim's profile and how quickly they make contact with the attackers.
  • Targeted Distribution: Phobos ransomware is commonly distributed through phishing emails, malicious attachments, exploit kits, and other methods used by cybercriminals to spread malware.
  • Similar Codebase: Phobos variants share similarities in code and behavior, suggesting a common source or framework that attackers have modified to create different versions.

It's important to note that while Phobos variants share similarities, they can also evolve over time with new features, tactics, and techniques. As with any ransomware, the best defense against Phobos and its variants is a combination of strong cybersecurity practices, regular data backups, keeping software up-to-date, and maintaining a cautious approach to email attachments and links.

August 29, 2023