Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Kryptonite Ransomware

Kryptonite Ransomware is a malicious application that can enter your computer by stealth, encrypt many of your personal files, and then demand that you pay a ransom to recover them. You must consider the possibility that the cyber criminals might not decrypt your files once you have paid. Therefore, you may want to remove this malware instead and wait for a free decryption tool to be developed. In this article, we will discuss how this ransomware works, how it is distributed, and how you can remove it. If your PC has been infected with it, please continue reading.

We have received unconfirmed information that this ransomware is bundled with a particular snake game. However, we have no further details, such as the name of the game or which game hosting website distributes it. Nevertheless, there is still something to go on here. There are not too many snake-type games around that you can install on your PC, so keep that in mind if you want to avoid getting this ransomware accidentally. Try to avoid shady free game sharing websites that are known to bundle their games with additional software. Obviously, you cannot deselect Kryptonite Ransomware during installation, as its purpose is to infect as many computers as possible secretly.

If Kryptonite Ransomware has managed to slither into your PC, then it is sure to start encrypting your files immediately. It was designed to encrypt your files with the RSA-2048 algorithm. This ransomware generates a unique public key that is stored on your PC. However, it also generates a corresponding decryption key that is sent to its server and stored until you pay the ransom. Kryptonite Ransomware’s developers want you to pay 500 USD to get your files back. The payment method is not specified. You should be provided with the details on how to pay by going to Adsgoogle.eastus2.cloudapp.azure{.}com:27030. However, this website was down at the time of the research.

Our research has concluded that this ransomware was configured to encrypt more than a hundred file types, including images, video and audio files, documents, file archiving formats, and so on. As you can see, this ransomware can encrypt most of your personal and valuable files. Nevertheless, it was set to skip some locations such as Temp, $Recycle Bin, $RECYCLE BIN, $WINDOWS, ~BT, Boot, cache2, Cookies, Content, IE5, AppData, ApplicationData, nvidia, intel, Microsoft, and System32, among many others.

Our analysis has shown that Kryptonite Ransomware creates a registry key at HKCU\SOFTWARE\security\Kryptonite upon infection. Furthermore, its main executable, which is typically named 1.exe, is dropped in %APPDATA% along with an image named awsomeRansome.jpg that is set to replace the desktop wallpaper. 1.exe is set to connect to a server at 52.225.217.31:27015. Lastly, once the encryption is complete, it drops a ransom note named Ransome Note.txt on the desktop. The note states that you must run an executable named getMyId.exe to generate the unique user ID required to pay the ransom, but research has shown that the ransomware does not drop this file, at least for now. Since getMyId.exe is missing and Adsgoogle.eastus2.cloudapp.azure{.}com:27030 is down, you cannot pay the ransom.

In closing, Kryptonite Ransomware is a malicious piece of software that was created by cyber criminals who want to extract money from you. This ransomware works only partially: you cannot pay the ransom because the necessary website is down and because the ransomware does not drop the executable required to generate your unique ID. In such circumstances, we recommend that you remove Kryptonite Ransomware from your PC using the guide provided below.

How to delete Kryptonite Ransomware manually

  1. Press Windows+E keys.
  2. In the File Explorer’s address box, type %APPDATA%
  3. Press Enter.
  4. Find 1.exe, 1.jpg, and awsomeRansome.jpg
  5. Right-click them and click Delete.
  6. Close File Explorer.
  7. Press Windows+R keys.
  8. Type regedit in the dialog box and hit Enter.
  9. Go to HKCU\Control Panel\Desktop|WallPaper
  10. Right-click it, click Modify and erase C:\Users\user\AppData\Roaming
  11. Click OK.
  12. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
  13. Find BackgroundHistoryPath0, right-click it and click Modify.
  14. Erase C:\Users\user\AppData\Roaming\awsomeRansome.jpg
  15. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  16. Delete 㩣慜灰攮數
  17. Lastly, go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  18. Delete 㩣慜灰攮數
  19. Close the Registry Editor.
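
Before deleting anything by hand, the locations named in this article can be checked in one pass. The script below is an added example, not part of the original guide; it assumes the file names, registry paths, value name and server address exactly as given above, and it only reads and reports.

```powershell
# Read-only triage for the Kryptonite Ransomware artifacts listed in this article.
# Save as UTF-8 with BOM so Windows PowerShell 5.1 reads the non-ASCII value name correctly.
$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding($Kind, $Location, $Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail })
}

# Files dropped in %APPDATA% and the ransom note on the desktop.
foreach ($name in '1.exe', '1.jpg', 'awsomeRansome.jpg') {
    $path = Join-Path $env:APPDATA $name
    if (Test-Path -LiteralPath $path) { Add-Finding 'File' $path 'dropped file present' }
}
$note = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Ransome Note.txt'
if (Test-Path -LiteralPath $note) { Add-Finding 'File' $note 'ransom note present' }

# Registry key created upon infection.
$marker = 'HKCU:\SOFTWARE\security\Kryptonite'
if (Test-Path -LiteralPath $marker) { Add-Finding 'Registry' $marker 'infection marker key' }

# Wallpaper values that point into %APPDATA% (steps 9-14 of the guide).
$wallpaperValues = @(
    @{ Key = 'HKCU:\Control Panel\Desktop'; Name = 'WallPaper' },
    @{ Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers'; Name = 'BackgroundHistoryPath0' }
)
foreach ($v in $wallpaperValues) {
    $data = (Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
    if ($data -and $data.StartsWith($env:APPDATA, [StringComparison]::OrdinalIgnoreCase)) {
        Add-Finding 'Registry' "$($v.Key)|$($v.Name)" "points into %APPDATA%: $data"
    }
}

# Autorun value named in steps 15-18 (name copied from the guide).
$runName = '㩣慜灰攮數'
$cv = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'
foreach ($key in "$cv\Run", "$cv\RunOnce") {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($value in (Get-Item -LiteralPath $key).Property) {
        if ($value -eq $runName) { Add-Finding 'Autorun' $key "value named $value" }
    }
}

# Live connection to the server address given in the article.
$conns = Get-NetTCPConnection -RemoteAddress '52.225.217.31' -RemotePort 27015 -ErrorAction SilentlyContinue
foreach ($c in $conns) { Add-Finding 'Network' '52.225.217.31:27015' "owning PID $($c.OwningProcess)" }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Kryptonite Ransomware artifacts from this article were found.' }
```

Run it as the affected user, because HKCU and %APPDATA% are per-user locations.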