The Kampret ransomware is a test version of a Hidden Tear based strain which has already infected targets worldwide.
Kampret Ransomware Description
Malware researchers uncovered a test virus known as the Kampret ransomware that is based on the Hidden Tear open-source project code. At the moment the virus has been able to infect only a limited number of victims. It is interesting to note that even though it has not reached a suitable form for wider distribution, there are a few virus reports that have been able to identify it in a small-scale attack campaign.
The hackers behind it has not created a virus that is efficient for mass deployment and it only features the bare bones of the Hidden Tear core. It is a simple virus that does not feature any advanced modules and follows the basic principle of this type of threats – the encryption of target user file and extortion of the computer targets.
The Kampret ransomware is a fine example of how hackers operate in these cases. They take source code from available sources and modify it to fit their targets. This malware automatically starts the encryption engine upon infection. The researchers have not been able to complete the initial analysis at the time of writing this post and we don’t have the complete list of user file type extensions. However as this is a descendant of the Hidden Tear family we presume that it uses the same configuration file. This means that the most important types of data are affected: documents, music, photos, archives, configuration files, backups and etc. All processed files are renamed using the .lockednikampret extension.
We expect to see a future version of the Kampret ransomware which will probably include a detailed ransomware note and additional functionality. Some of the recent Hidden Tear based viruses include screenlockers that prevent ordinary computer interaction. Other modules can include a persistence modifier which manipulates the Windows settings and prevents manual removal.
A final version of the ransomware note has not been identified, however the researchers have uncovered that in all detected samples the ranasomware operators demand a fee of 0.5 Bitcoins, the equivalent sum is about 600 US Dollars. The virus is also known under the alias of Kampretos.
Kampret Ransomware Distribution
The virus is carried in a single binary file which poses as a temporary artifact. It is very likely that it is carried as a payload by another virus attack or in a ransomware kit coordinated campaign. To this date we have seen a variety of different infection strategies that are being used.
One of the primary ones is through email spam messages. The hackers use social engineering methods to masquerade the virus as originating from a well-known and a legitimate company, organizations or institution. Depending on the campaign the virus may be linked, attached or installed via a malicious script placed in a document.
Another tactic uses malicious scripts hosted on various hacker-controlled sites and ad networks. They can redirect to the Kampret ransomware file. Such instances also include the infamous browser hijackers. They are dangerous extensions that have versions for the most popular web browsers: Mozilla Firefox, Google Chrome, Internet Explorer and Microsoft Edge. Once installed they modify the settings of the default home page, search engine and new tabs page to point to a hacker-controlled site.
Another source of attacks can include direct exploit kit attacks that attempt to compromise the hosts via outdated software.
Summary of Kampret Ransomware
| Name |
Kampret Ransomware |
| File Extensions |
.lockednikampret |
| Ransom |
0.5 Bicoins |
| Easy Solution |
You can skip all steps and remove Kampret Ransomware ransomware with the help of an anti-malware tool. |
|
Manual Solution |
Kampret Ransomware ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
| Distribution |
Spam Email Campaigns, malicious ads & etc. |
Kampret Ransomware Ransomware Removal
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
-
1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
-
1) Open My Computer/This PC
2) Windows 7
-
– Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
-
– Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
-
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely Kampret Ransomware Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
-
1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Kampret Files
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
How To Restore Kampret Files
- 1) Use present backups
- 2) Use professional data recovery software
-
– Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
- 3) Using System Restore Point
-
– Hit WIN Key
– Select “Open System Restore” and follow the steps
- 4) Restore your personal files using File History
-
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
