KiRa Ransomware Will Hold Your Files Hostage


KiRa is the name of an insidious ransomware recently uncovered by our team during an analysis of malware samples.

KiRa encrypts data, appends a random four-character extension to the filenames, and changes the desktop wallpaper. To make their intentions clear, the cybercriminals behind KiRa also drop a ransom note ("read it!!.txt") on the affected system.

KiRa's file renaming approach is simple: the ransomware appends four random characters as a new extension. A file initially named "1.jpg" becomes "1.jpg.szem", "2.png" becomes "2.png.mo3y", and so on.
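The renaming pattern and the ransom note filename described above can be turned into a triage check over a file listing. The following Python sketch is an added example, not part of the original analysis; the watched extensions, the benign-suffix list, the threshold, and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "read it!!.txt"  # ransom note filename given in the article
# Assumption: original extensions worth watching; extend for your environment.
KNOWN_EXTS = {"jpg", "jpeg", "png", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
# Assumption: common benign four-character suffixes that should not be flagged.
BENIGN_SUFFIXES = {"part", "orig", "json", "html", "gzip", "docx", "xlsx", "jpeg"}
# <name>.<original ext>.<4 alphanumerics>, as in "1.jpg.szem" and "2.png.mo3y"
RENAMED = re.compile(r"^.+\.([A-Za-z0-9]+)\.([A-Za-z0-9]{4})$")

SAMPLE = [  # constructed file listing, not taken from a real incident
    r"C:\Users\alice\Pictures\1.jpg.szem",
    r"C:\Users\alice\Pictures\2.png.mo3y",
    r"C:\Users\alice\Pictures\read it!!.txt",
    r"C:\Users\alice\Downloads\setup.pdf.part",
    r"C:\Users\alice\Downloads\notes.txt",
    r"C:\Users\bob\Docs\report.docx.k9qa",
]

def scan_listing(paths, min_renamed=2):
    """Group paths by directory and return directories showing the KiRa pattern."""
    dirs = defaultdict(lambda: {"note": False, "renamed": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = dirs[str(p.parent)]
        if p.name.lower() == NOTE_NAME:
            entry["note"] = True
            continue
        m = RENAMED.match(p.name)
        if (m and m.group(1).lower() in KNOWN_EXTS
                and m.group(2).lower() not in BENIGN_SUFFIXES):
            entry["renamed"].append(p.name)
    findings = {}
    for d, e in dirs.items():
        # Random suffixes differ from file to file; one suffix shared by many
        # files is more likely a legitimate tool than this renaming scheme.
        distinct = {n.rsplit(".", 1)[1].lower() for n in e["renamed"]}
        if e["note"] or (len(e["renamed"]) >= min_renamed and len(distinct) >= min_renamed):
            findings[d] = {"note": e["note"], "renamed": sorted(e["renamed"])}
    return findings

if __name__ == "__main__":
    for directory, hit in scan_listing(SAMPLE).items():
        print(directory, hit)
```

A directory is reported when the note is present or when several files carry distinct four-character suffixes; lowering `min_renamed` trades fewer misses for more false positives.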

The demands in the ransom note are equally simple: the hacker behind the KiRa ransomware asks for $2000 and provides specific contact details, namely the email address "b_@mail2tor.com" and an Instagram account "@DD00", through which they expect communication for payment arrangements.

KiRa's Ransom Note Asks for $2000

The full text of the KiRa ransom note reads as follows:

I'm from an international wanted u can call me : KiRa

I am an undercover hacker

My name is: GreatKiRa

I will use your computer as collateral for collection

i just want:2000$ LoL

Payment address: b_@mail2tor.com

contact details : b_@mail2tor.com

IG: @DD00

Hehh .. i think u are in big trouble $:
sO Contact me after payment and I will unlock it for you
If you do not pay, your computer and files will be automatically destroyed,

How Can Ransomware Like KiRa Get Inside Your System?

Ransomware like KiRa can infiltrate a system through various means, often exploiting vulnerabilities and human behavior. Here are some common ways ransomware can get inside your system:

  • Phishing Emails: One of the most prevalent methods is through phishing emails. Cybercriminals send deceptive emails that appear legitimate, containing malicious attachments or links. When users open these attachments or click on the links, the ransomware is downloaded and activated on their system.
  • Malicious Websites: Visiting compromised or malicious websites can also expose users to ransomware. These sites may host exploit kits that exploit security flaws in browsers or plugins to deliver the ransomware payload.
  • Exploiting Software Vulnerabilities: Ransomware creators look for vulnerabilities in operating systems, software, or applications. Once they identify a weakness, they use it to gain unauthorized access to the system and deploy the ransomware.
  • Malvertising: Malicious advertising, or malvertising, involves cybercriminals placing harmful ads on legitimate websites. When users click on these ads, they are redirected to websites hosting ransomware.
  • Infected Software Installers: Some attackers disguise ransomware within seemingly harmless software installers or updates. When users download and run these infected files, the ransomware is deployed.
July 20, 2023