Ransomware Report

You can check the latest ransomware information.

title
Analysis of malicious ransomware key group [KeyGroup] using encryption algorithm
Registration date
2022-11-21
views
29131

[KeyGroup Ransomware]

[Virus/malware activity reported: KeyGroup ransomware]

As a security breach presumed to be in the form of KeyGroup ransomware has occurred,
we would like to confirm the situation and provide a warning as follows.

KeyGroup ransomware

The ransomware is called KeyGroup and appears to be changing all files with the extension <existing name.existing extension.7z.4bPQb6-PrwjRN>.

How it works

file version


[Figure 1 File version]


[Figure 2 File properties]

behavioral process

  • Register additional executable files

    Create an additional executable file in a specific location and register it in the startup program.


    [Figure 3 Additional executable file registration]


    [Figure 4 Additional executable file registration]

Infection results

The information file is created under the name README8.txt in each folder, and when encryption is performed, the files are changed to <existing name.existing extension.7z.4bPQb6-PrwjRN>.


[Figure 5 Infection result 1]


[Figure 6 Infection result 2]


[Figure 7 Infection result 3]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.


[Figure 8 Block message]


[Figure 9 Block message]

Watch KeyGroup blocking video

Previous post
Analysis of ransomware [T800] using military-grade encryption algorithm (TermCryptS3v2+RSA2048)
next post
Analysis of BlackBit, a ransomware encrypted with BlackBit
List
WhiteDefender Term of Use|Privacy Policy
Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981
Copyright ⓒEveryzone , Inc. All Rights Reserved.|