This week, security professionals has received reports of yet another ransomware called Kraken Cryptor v2.2. This ransomware spreads through various infection methods such as spam emails and malware files. The Kraken Cryptor v2.2 encrypts files on desktops and network shares, changes file names and appends random extension to the names of encrypted files.
Kraken Cryptor V2.2 ransomware
The Kraken Cryptor v2.2 is a malicious software that created in order to encrypt personal files. It hijack a whole computer or its data and demand a ransom in order to unlock (decrypt) them. The creators of the Kraken Cryptor v2.2 virus have a strong financial motive to infect as many systems as possible. The files that will be encrypted include the following file extensions:
.wbd, .lvl, .doc, .upk, .webp, .zi, .wri, .m2, .wpd, .sav, .7z, .zip, .d3dbsp, .wsc, .wpb, .xls, .sb, .wsd, .forge, .wpd, .mpqge, .sidn, .xbdoc, .db0, .zif, .xf, .hplg, .wav, .xx, .xld, .psk, .xdb, .blob, .vfs0, .3ds, .wsh, .eps, .wps, .wotreplay, .y, .z3d, .icxs, .dcr, .csv, .ods, .tor, .hvpl, .0, .fsh, .raf, .xlsx, .snx, .wma, .syncdb, .py, .dmp, .wgz, .bay, .svg, .bar, .hkdb, .accdb, .xy3, .itm, .jpe, .wdp, .arw, .indd, .yml, .odp, .mov, .rb, .wma, .lbf, .dazip, .wpw, .vtf, .wbm, .ff, .lrf, .x, .kf, .xwp, .sis, .ibank, .ws, .qic, .css, .wm, .vcf, .menu, .xml, .dxg, .xyp, .sr2, .flv, .vpk, .wbk, .x3f, .wpg, .wn, .ptx, .re4, .wire, .tax, .iwd, .xmmap, .p7b, .bkp, .wpl, .wcf, .gdb, .2bp, .xlgc, .zdb, .wps, .sid, .ntl, .xls, .wbz, .bsa, .wb2, .vdf, .crt, .avi, .wp, .xbplate, .sidd, .p7c, .sum, .zabw, .bkf, .nrw, .1, .pem, .dwg, .zip, .xmind, .docx, .cas, .odt, .srf, .wp6, .desc, .t13, .wpa, .1st, .mef, .der, .wbc, .vpp_pc, .mrwref, .t12, .wp7, .pdd, .mdf, .odm, .pkpass, .bik, .layout, .orf, .pdf, .wmf, .xlk, wallet, .wmv, .pst, .3fr, .cfr, .txt, .bc6, .rim, .wdb, .ncf, .odc, .crw, .psd, .wmv, .mddata, .epk, .zw, .rtf, .kdc, .fpk, .ysp, .wmd, .srw, .sql, .hkx, .png, .slm, .rw2, .dba, .fos, .wmo, .apk, .x3f, .wp5, .mcmeta, .pptx, .wot, .m4a, .mdb, .kdb, .mlx, .rgss3a, .webdoc, .xpm, .p12, .docm, .xlsx, .arch00, .cr2, .wpt, .yal, .qdf, .ai, .xdl, .x3d
Once the encryption procedure is finished, it will create a ransom demanding message called “Instructions-***.txt” offering decrypt all users documents, photos and music if a payment is made. An example of the ransom demanding message is:
#All your files has been encrypted by "KRAKEN CRYPTOR". # Read the following instructions carefully to decrypt your files. (What happened to my computer)? All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"! Don't delete .**** files! there are not virus and are your files, but encrypted!The speed, power and complexity of this encryption have been high and if you are now viewing this guide. It means that "KRAKEN CRYPTOR" immediately removed form your system! No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!You need to buy it from us because only we can help you! (How can recovery my files)? We guarantee that you can recover all your files soon safely. You can decrypt one of your encrypted smaller file for free in the first contact with us. For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top! Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us! After your payment made, all of your encrypted files has been decrypted. (How much is need to pay)? You need to pay (0.125 BTC), payment only can made as Bitcoins. This links help you to understand whats is a Bitcoins and how it work. hxxps://en.wikipedia.org/wiki/BitcoinThis price is for the contact with us in first week otherwise it will increase. (Where can buy Bitcoins)? The easiest way to buy Bitcoins is LocalBitcoins website. You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices. hxxps://localBitcoins.comOther places to buy Bitcoins in exchange for other currencies worldwide: hxxps://www.bestbitcoinexchange.io (How to contact you)? We use best and easy way to communications. It's email support, you can see our emails below.Please send your message with same subject to both address.E-Mail:onionhelp@memeware.net Alternative BM-2cWdhn4f5UyMvruDBGs5bK77NsCFALMJkR@bitmessage.ch (Attention) DON'T MODIFY OR RENAME ENCRYPTED FILES.DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY". DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE. (Additional) Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above. Also, our policy is obvious: "NO PAYMENT, NO DECRYPT". # Read the following instructions carefully to decrypt your files. After your payment made, all of your encrypted files has been decrypted. All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"! Also, our policy is obvious: "NO PAYMENT, NO DECRYPT". Alternative Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us! DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE. Don't delete .*** files! there are not virus and are your files, but encrypted! DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY". DON'T MODIFY OR RENAME ENCRYPTED FILES. E-Mail: BM-2cWdhn4f5UyMvruDBGs5bK77NsCFALMJkR@bitmessage.ch
The ransom note offers victim to contact Kraken Cryptor v2.2’s developers in order to decrypt all personal files. These persons will require to pay a ransom (usually demand for 0.125BTC). We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your documents, photos and music. Especially since you have a chance to restore files encrypted by “KRAKEN CRYPTOR” for free using free tools such as the ShadowExplorer and PhotoRec.
We recommend you to remove Kraken Cryptor v2.2 ransomware ASAP, until the presence of this virus has not led to even worse consequences. You need to follow the step-by-step instructions below that will help you to completely remove Kraken Cryptor v2.2 virus from your computer as well as restore encrypted personal files, using only few free tools.
Table of contents
- What is Kraken Cryptor v2.2 ransomware virus
- How to decrypt files encrypted by “KRAKEN CRYPTOR”
- How to remove Kraken Cryptor v2.2 ransomware virus
- How to restore files encrypted by “KRAKEN CRYPTOR”
- How to prevent your personal computer from becoming infected by Kraken Cryptor v2.2 virus?
- To sum up
How to decrypt files encrypted by “KRAKEN CRYPTOR”
Currently there is no available way to decrypt files encrypted by “KRAKEN CRYPTOR”, but you have a chance to recover encrypted photos, documents and music for free. The ransomware uses a hybrid AES + RSA encryption mode. What does it mean to decrypt the files is impossible without the private key (so called “KRAKEN ENCRYPT UNIQUE KEY”). Use a “brute forcing” is also not a method because of the big length of the key. Therefore, unfortunately, the only payment to the makers of the Kraken Cryptor v2.2 virus entire amount requested – the only way to try to get the KRAKEN DECRYPTOR, KRAKEN ENCRYPT UNIQUE KEY and decrypt all your files.
There is absolutely no guarantee that after pay a ransom to the makers of the Kraken Cryptor v2.2, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.
How to remove Kraken Cryptor v2.2 ransomware virus
There are a few ways which can be used to remove Kraken Cryptor v2.2. But, not all ransomware such as this virus can be completely removed utilizing only manual solutions. Most often you are not able to remove any virus utilizing standard Microsoft Windows options. In order to remove Kraken Cryptor v2.2 you need use reliable removal utilities. Most IT security researchers states that Zemana Anti-malware, Malwarebytes or KVRT utilities are a right choice. These free programs are able to search for and delete Kraken Cryptor v2.2 ransomware from your PC for free.
Remove Kraken Cryptor v2.2 with Zemana Anti-malware
You can remove Kraken Cryptor v2.2 virus automatically with a help of Zemana Anti-malware. We recommend this malware removal tool because it may easily get rid of ransomwares, potentially unwanted applications, ad-supported software and toolbars with all their components such as folders, files and registry entries.
Please go to the link below to download the latest version of Zemana for Microsoft Windows. Save it on your Windows desktop.
164998 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
When downloading is complete, start it and follow the prompts. Once installed, the Zemana Free will try to update itself and when this procedure is finished, click the “Scan” button to perform a system scan with this utility for the Kraken Cryptor v2.2 ransomware virus and other malware.
This process can take quite a while, so please be patient. When a malicious software, adware or potentially unwanted apps are detected, the number of the security threats will change accordingly. Wait until the the checking is finished. In order to delete all items, simply press “Next” button.
The Zemana Anti Malware (ZAM) will start to get rid of Kraken Cryptor v2.2 ransomware virus and other malicious software and potentially unwanted applications.
Remove Kraken Cryptor v2.2 with MalwareBytes
Remove Kraken Cryptor v2.2 virus manually is difficult and often the ransomware is not completely removed. Therefore, we suggest you to run the MalwareBytes Free that are completely clean your PC. Moreover, this free program will allow you to remove malware, potentially unwanted apps, toolbars and ad supported software that your personal computer may be infected too.
Installing the MalwareBytes Free is simple. First you will need to download MalwareBytes Free on your machine from the link below.
327240 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After the download is done, close all programs and windows on your personal computer. Double-click the install file named mb3-setup. If the “User Account Control” prompt pops up as shown in the figure below, click the “Yes” button.
It will open the “Setup wizard” that will help you set up MalwareBytes on your computer. Follow the prompts and do not make any changes to default settings.
Once setup is finished successfully, click Finish button. MalwareBytes will automatically start and you can see its main screen as shown below.
Now press the “Scan Now” button to find the Kraken Cryptor v2.2 ransomware and other security threats. This process can take quite a while, so please be patient.
Once the system scan is finished, you’ll be displayed the list of all detected items on your PC system. Make sure all threats have ‘checkmark’ and click “Quarantine Selected” button. The MalwareBytes Anti Malware will start to delete Kraken Cryptor v2.2 virus related files, folders and registry keys. When the cleaning procedure is complete, you may be prompted to restart the computer.
We recommend you look at the following video, which completely explains the procedure of using the MalwareBytes AntiMalware (MBAM) to remove ad supported software, hijacker and other malicious software.
Remove Kraken Cryptor v2.2 virus with KVRT
KVRT is a free removal tool which can scan your computer for a wide range of security threats such as the Kraken Cryptor v2.2 virus, adware, potentially unwanted applications as well as other malicious software. It will perform a deep scan of your PC including hard drives and Microsoft Windows registry. After a malware is found, it will help you to get rid of all found threats from your computer with a simple click.
Download Kaspersky virus removal tool (KVRT) from the following link.
129281 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the download is complete, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen as shown below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button . Kaspersky virus removal tool program will scan through the whole machine for the Kraken Cryptor v2.2 ransomware virus and other trojans and malicious applications. This task can take some time, so please be patient. While the tool is checking, you can see how many objects and files has already scanned.
When Kaspersky virus removal tool completes the scan, you’ll be opened the list of all found threats on your PC system as displayed in the following example.
When you’re ready, click on Continue to begin a cleaning procedure.
How to restore files encrypted by “KRAKEN CRYPTOR”
In some cases, you can restore files encrypted by Kraken Cryptor v2.2 virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted documents, photos and music.
Use shadow copies to restore files encrypted by “KRAKEN CRYPTOR”
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Download ShadowExplorer on your PC from the link below.
439638 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After downloading is complete, extract the downloaded file to a directory on your computer. This will create the necessary files as shown in the figure below.
Start the ShadowExplorerPortable program. Now select the date (2) that you wish to restore from and the drive (1) you want to restore files (folders) from like below.
On right panel navigate to the file (folder) you want to restore. Right-click to the file or folder and click the Export button as shown in the figure below.
And finally, specify a folder (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Use PhotoRec to recover files encrypted by “KRAKEN CRYPTOR”
Before a file is encrypted, the Kraken Cryptor v2.2 ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file restore software such as PhotoRec.
Download PhotoRec on your personal computer by clicking on the link below.
When the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder like below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It’ll display a screen as displayed on the image below.
Select a drive to recover as shown below.
You will see a list of available partitions. Select a partition that holds encrypted files as displayed on the image below.
Press File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is done, click OK button.
Next, click Browse button to choose where recovered files should be written, then press Search.
Count of recovered files is updated in real time. All restored photos, documents and music are written in a folder that you have chosen on the previous step. You can to access the files even if the restore process is not finished.
When the restore is finished, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as shown on the image below.
All recovered photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to prevent your personal computer from becoming infected by Kraken Cryptor v2.2 virus?
Most antivirus software already have built-in protection system against the ransomware virus. Therefore, if your computer does not have an antivirus program, make sure you install it. As an extra protection, run the CryptoPrevent.
Use CryptoPrevent to protect your computer from Kraken Cryptor v2.2 ransomware
Download CryptoPrevent on your MS Windows Desktop by clicking on the link below.
www.foolishit.com/download/cryptoprevent/
Run it and follow the setup wizard. Once the installation is finished, you’ll be displayed a window where you can select a level of protection, as on the image below.
Now click the Apply button to activate the protection.
To sum up
Now your PC should be clean of the Kraken Cryptor v2.2 ransomware virus. Delete MalwareBytes AntiMalware and KVRT. We suggest that you keep Zemana Free (to periodically scan your PC for new malicious software). Moreover, to prevent virus, please stay clear of unknown and third party programs, make sure that your antivirus application, turn on the option to block or search for ransomware.
If you need more help with Kraken Cryptor v2.2 virus related issues, go to here.
