KEYPASS ransomware: data-encrypting virus spreads in more than 20 countries

KEYPASS ransomware is creating more versions since the first attack at the beginning of August

Esolutions team has spotted this virus in the first week of August and a few weeks, this virus has spread quite widely. In a few days, it was known that virus striked in more than 20 countries around the world. The biggest amount of victims were reportedly from Brazil and Vietnam. This variant of ransomware has .keypass extension that each file gets after the successful encryption.

Also, as typical ransom demanding virus KEYPASS ransomware displays a ransom note: !!!KEYPASS_DECRYPTION_INFO!!!.txt. In this message, the victim may see an explanation of this situation and the information about the payment. $300 is the amount virus developers want to get, and as usual, the payment should be in Bitcoin. A victim has only 72 hours to pay up if they want to get their data allegedly decrypted. But most of the cybersecurity experts advise people not to pay.

The hidden features of the ransomware

This virus has a feature of manual control that needs to be activated with a specific key on the keyboard. This is not typical for other ransomware viruses. The feature allows hackers to gain access to the infected system and changing the victim’s ID, file extension, and other encryption-related information. This makes KEYPASS ransomware even more dangerous.

Also, KEYPASS ransomware can be used as a spreader for other malware. This virus can open the backdoor for infections like trojans. This is very dangerous because ransomware demands a payment directly, but trojan can mine cryptocurrency or track your banking information without your knowledge.

Ransomware prevention tips

As a company related to cybersecurity for more than ten years, we have encountered a lot of malicious programs. For many years ransomware is one of the most dangerous cyber infections. The developers of this virus make a lot of money from this activity, and it allows them to gain profit easily. However, you as a victim should never pay the demanded amount of money. This cannot give positive results. The only thing you can do is try to avoid these infections as much as possible.

There is a way to keep your system safe from cyber infections like this dangerous ransomware. You need to pay more attention to processes happening on your device. And be aware that any system vulnerability can affect the security of your PC. The best solution is a reputable cybersecurity software. Antivirus and anti-malware tools should be essential. And the best way to ensure that your device is secure is keeping these programs up-to-date.

Another great tip is to backup everything you own. Photos, videos, important documents should be backed up more occasionally because if ransomware infects your device, it modifies all of your data and in most cases, without a possibility to decrypt the files. Keep your files on an external drive safely and be safe.

Posted in support.