What is KeyPass ransomware?

KeyPass is ransomware that targets victims indiscriminately and is spread through spam emails and questionable download sources. It infects computers all across the world, regardless of political or racial affiliation.

  • KeyPass is indiscriminate in its selection of hostage files. Many ransomware strains target specific file extensions, but this one only leaves out a few folders. All other content on the computer is turned into unreadable data and given the keypass extension. It doesn't encrypt entire files; only the first 5 MB of each is encrypted.

  • The malware leaves a TXT note in "processed" directories, demanding that victims purchase a program and an individual key for file recovery. To persuade victims that they will not be wasting their money, the cybercriminals invite them to send 1-3 files for free decryption. They ask to be paid in cryptocurrency within 72 hours.

  • Some KeyPass ransomware victims have been infected with two different ransomware threats, although it is unclear whether the same criminals are carrying out both attacks or whether other criminal gangs are targeting the same victims.

  • The Trojan sample identified was written in C++ and compiled in Microsoft Visual Studio. After installation, it modifies the Windows Registry to gain boot persistence. After that, KeyPass encrypts files using the AES-256 cipher and adds the "keypass" suffix.

  • "Manual control" is a hidden feature included with KeyPass. It can only be activated by employing a specific key combination, allowing hackers to take manual control of the virus and change the victim's ID, file extension, encryption key, and various other file encryption preferences, making the KeyPass infection far more hazardous.

  • It also connects to its command-and-control (C&C) server to obtain the encryption key, rendering the user's files unusable without it. If the infected device is not connected to the Internet, or the C&C server is not reachable, KeyPass employs a hard-coded key, which makes KeyPass ransomware removal and file recovery easier.
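
The partial encryption described above (only the first 5 MB of each file) can be checked during incident triage. The script below is an added example, not part of the original article or any vendor tool: it finds files carrying the keypass suffix and compares the entropy of the first 5 MB with the data that follows. The `.keypass` filename match, the 7.5 bits/byte threshold and the 1 MiB tail sample are assumptions.

```python
import math
import os
from collections import Counter

HEAD_BYTES = 5 * 1024 * 1024   # the page: only the first 5 MB of each file is encrypted
TAIL_SAMPLE = 1024 * 1024      # assumption: 1 MiB after the head is enough to judge the rest
HIGH_ENTROPY = 7.5             # assumption: bits/byte above this looks like ciphertext

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage_file(path, head_bytes=HEAD_BYTES):
    """Compare the entropy of the (possibly encrypted) head with a sample of what follows."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(head_bytes)
        tail = fh.read(TAIL_SAMPLE)
    head_e, tail_e = shannon_entropy(head), shannon_entropy(tail)
    if head_e < HIGH_ENTROPY:
        verdict = "head-not-encrypted"      # head does not look like ciphertext
    elif not tail:
        verdict = "fully-within-head"       # whole file fits inside the encrypted region
    elif tail_e < HIGH_ENTROPY:
        verdict = "partial-tail-readable"   # data past the head is still low-entropy
    else:
        verdict = "tail-high-entropy"       # compressed or encrypted format: inconclusive
    return {"path": path, "size": size, "head_entropy": round(head_e, 2),
            "tail_entropy": round(tail_e, 2), "verdict": verdict,
            "intact_bytes": max(size - head_bytes, 0)}

def scan(root, suffix=".keypass", head_bytes=HEAD_BYTES):
    """Walk root and triage every file whose name ends with the ransomware's suffix."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(suffix):
                results.append(triage_file(os.path.join(dirpath, name), head_bytes))
    return results

if __name__ == "__main__":
    import sys
    for row in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```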

How to Prevent KeyPass Ransomware Attacks?

  • Never download unknown apps from suspicious websites or click on unknown links. This will help you avoid the majority of malware that lurks on the Internet.

  • Third-party downloaders/installers frequently contain rogue programs, so such tools should not be used.

  • Keep your software up to date, since updates include many security patches.

  • It is essential to have a reliable anti-virus/anti-spyware package installed and operating.

  • Always keep a backup of all your files and data.

  • Be alert and keep yourself informed; don't be careless about cyber threats such as ransomware. Always be cautious.

Updated on: 28-Dec-2021

