Home Security
PC Matic
PC Matic VPN
More Products
Support Unlimited
Identity Theft Protection
PC Magnum
Threat Awareness
How PC Matic Protects You
SuperShield Whitelist
Compare PC Matic
Norton
McAfee
Avast
AVG
Business Protection
PC Matic Pro
PC Matic MSP
Solutions
Allowlisting
Script Enforcement
Device Control
Patch Management
Remote Tools
Integrations
Server Security
Learn More
Resellers
Affiliates
Resources
Case Studies
Compare PC Matic Pro
ThreatLocker
Airlock Digital
VMware Carbon Black
AppLocker
For Federal
Partner Programs
Managed Service Providers
Channel Partners
Affiliate Partners
OEM Partners
Resource Center
All Resources
Case Studies
Data Sheets
User Guides
White Papers
Blog Resources
PC Matic Blog
Business Security
Home Security
Cyber News
Scam Alerts
Customer Service
Home Support
Business Support
Learn More
Getting Started
Knowledgebase
Tech Support Scams
Fake Virus Scams
Tools & More
Ransomware Center
Internet Speed Test
PC Matic
About
Careers
Learn More
Industry Recognition
Leadership
Commercials
Stay Up-to-Date
Newsroom
Blog
Events
TechTalk Podcast
Home Customers
My Account
PC Matic App
Add a Device
Renew Subscription
Business Customers
Business Login
Business Support
Search
Ransomware Attacks

Kraken Ransomware Disguises Itself As Legitimate Anti-Spyware Software

Everything isn’t always what we seem.  This is something we have come to know and accept.  However, when we download a program that is supposed to protect us, that is what we expect it to do.  Apple users were recently duped with Adware Doctor, which positioned itself as an adware prevention tool, but actually was spying on user behavior.  Now, hackers have used the name and logo of the SuperAntiSpyware, an anti-malware tool, to trick users into downloading the ransomware deemed Kraken.

Kraken Uses Security Program Name and Logo to Spread to Unknowing Victims

To be clear, SuperAntiSpyware is a legitimate anti-malware tool.  However, Kraken stole the company’s logo and name to target users.  The only difference between the Kacken and the legitimate program executable files are one letter in the file name.  SuperAntiSpyware uses SUPERAntiSpyware.exe, while Kraken uses SUPERAntiSpywares.exe.  Now, for those users who downloaded the legitimate program, you would not be impacted by this.  However, those who downloaded the malicious file would experience encryption of various files.

Once a user opts to download SUPERAntiSpywares.exe, the malicious executable begins to run.  The only time this will be blocked from running would be if the user was employing a security solution that was using an application whitelist.  Or, if blacklist antivirus companies are updating the blacklist to include SUPERAntiSpywares.exe.

If the file is allowed to run, it will first ensure the location of the device is not in a certain geographical area.  For instance, if the device is in Iran or Brazil, the ransomware will not execute.  Assuming you are in a location they have deemed acceptable to encrypt, the malware will scan the device for files with a variety of file extensions, including .jpeg, .doc, .zip, etc.  Once these files are recognized, they are renamed with the file name 00000000-Lock.onion and encrypted.

At this time, there is no free option for decrypting files that have been locked by the Kraken ransomware.  The only way users can restore locked files would be through their backup files.

Stop Responding to Threats.
Prevent Them.

Get Protected

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles