- A new ransomware campaign has been identified, and how it is being distributed is not yet known.
- Not much is currently known about the ransomware other than the fact that users in at least 20 countries have been targeted.
- The most likely means of distribution is cracks for pirated software, which some users have reported.
A variant of the STOP ransomware has been identified by multiple security firms and is being distributed in at least 20 countries. With victims citing multiple sources of infection, the scale of the KeyPass malware distribution campaign is unknown. According to statistics posted by ID Ransomware, a noticeable spurt in ransomware has been seen since August 8th, with submissions coming from all around the globe.
KEYPASS ransomware (https://t.co/tvDOORxLpd) is spreading all over the Earth.
From late evening of 8th this month, already got 100 submissions to IDR, from more than 20 countries.
Anyone got sample yet? Or at least info about how it's spreading? @BleepinComputer @demonslay335
— MalwareHunterTeam (@malwrhunterteam) August 10, 2018
To avoid any confusion: although the name of the ransomware sounds similar to KeePass, the KeyPass malware has nothing to do with the password management software. When a user is affected by the ransomware, the files on their system are encrypted and a .KEYPASS extension is added to the end of every file name. A ransom note file is created that offers instructions on how to recover the files, along with payment instructions. If you are affected, contact law enforcement to seek assistance instead of communicating with the attackers.
To avoid the risk of having your files encrypted, it is recommended to back up all of your system files. Many backup utilities are available that can transfer copies of your important files to a separate storage device or to the cloud. You should also not have any remote desktop services connected to the internet, and it is recommended to use a VPN to avoid ransomware attacks like KeyPass.
If you do not have a good anti-malware program, it is recommended to invest in professional software to keep yourself safe. As added measures of protection, do not download pirated software or open attachments without scanning them. It is also recommended to update your OS and software regularly so that patches for software vulnerabilities are delivered on time.