Draft:Krotten
Computer ransomware
From Wikipedia, the free encyclopedia
Krotten is malware designed to target Microsoft Windows devices. A form of ransomware, it acts as a trojan that encrypts files on affected devices and demands payment in exchange for restoring the device's functionality.[1]
Evolution
Krotten originated in 2005 as illegal software available for download on a site hosted in Russia.[2] It was disguised as a program designed to generate codes to transfer funds into mobile phone accounts.[3] It was developed by Ukrainian hackers, and the author claimed on the site that it would work for "nearly all Ukrainian mobile service providers."[2] It functioned similarly to GPCode, in that running the program locked down the user's operating system. An error message would then be displayed on the screen, offering a file that would remove Krotten from the device in exchange for a sum equivalent to $5 USD.[3] Depending on the iteration of the program, the payment was requested to be sent either via an email address provided in the error message[3] or to the author's account with the Ukrainian cell provider Kyivstar.[4]
Krotten was first detected after Russian users began reporting the program to cybersecurity companies.[5] In November 2005, Kaspersky contacted the site's hosting company. The hosting company quickly shut down the site, making it more difficult for users to access the program files. However, Kaspersky warned that the program's author may have made it available using another free web hosting service.[2]
The most common version of Krotten today, which was first detected in 2010, functions differently from previous iterations and is considered by many cybersecurity providers to have a high threat level.[6][7] Upon launch, the program disables shutdown in the start menu, disables the 'log out' function in the start menu, changes the home page of Edge (formerly Internet Explorer), and changes values in the registry to allow autorun, among other actions.[7] As in previous iterations, money is requested to be sent via email.[8]
Microsoft claims that Windows Defender currently has the capability to detect Krotten and prevent it from infecting devices.[9] Cybersecurity hobbyists have attempted to run Krotten and found that Windows Defender is able to detect the malware.[10] They have also found that Krotten is capable of running on Windows 10 and 11 (without malware protections enabled), but the email account to which the user is prompted to send ransom funds has recently been deleted.[10][11]
