KingOuroboros is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on June 1, 2018, this ransomware has been actively targeting systems worldwide.
Quick Facts
Ransomware Family
KingOuroboros
First Seen
June 1, 2018
How KingOuroboros Ransomware Works
Targeted Files
8ccb8d636263e4041454e336caa77fce9f7f0f6260ead8a2bc5f8c954f17d89e -> not working sample
original_file_name.king_ouroboros.original_file_extension
c03bc8bca99649841c97d3f9835acd3bc97496049ffd837fca6d0e30581d0517 -> OK
Ransom Note and Payment Demands
After encrypting files, KingOuroboros displays ransom notes demanding payment for file recovery:
message
Ransom message:
notes/note.txt
Note locations:
Login
fileREADME!!! ALL YOUR FILES HAVE BEEN SECURELY ENCRYPTED!!!.txt
Ransom message:
notes/README!!! ALL YOUR FILES HAVE BEEN SECURELY ENCRYPTED!!!.txt
Note locations:
Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with KingOuroboros ransomware:
Java Update Scheduler
jusched.exe
KingOuroboros.exe
JAVA_UPDATER.EXE
sa.exe
dumped
Elastio Can Help You
Don't let KingOuroboros ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
This KingOuroboros ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like KingOuroboros.