Kaenlupuf is distributed through corrupted spam email attachments.
Kaenlupuf uses a combination of RSA and AES encryption to make the victims' files completely inaccessible. It targets a wide variety of file types in its attack, including audio, video, databases, and many commonly used document formats. The Kaenlupuf Ransomware delivers its ransom note in an HTML file named 'kaenlupuf-note.html,' which is dropped on the infected computer's desktop. The Kaenlupuf Ransomware ransom note contains the following text:
NOTE FOR YOU - MUST READ

First of all, we congratulate you for being chosen to be among those with the most successful file protection from external threats. We understand that you need your files immediately. We introduced a special package with affordable price which is as low as 1 Bitcoin only. Surprised by our offer? So what are you waiting for, register your bitcoin wallet now to get your important files back. The longer you wait the price will increase. Your files are protected with RSA-2048 bit algorithm. Very good and interesting is it not?

GET BACK MY FILES!

To retrieve your files, follow these steps carefully:
1. Register your account in Bitcoin wallet at the following URL: https://blockchain.info/wallet/
2. Use our bitcoin address to transfer your credit: 173MLPGRWdc6z91gQXBCHYVTkqTR9tMABb
3. The amount of the payment is as follows: 1 BTC
4. Make sure add your ID when making a transaction.

TOKEN - YOUR ID: [RANDOM CHARACTERS]
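A defender-side sweep built on the indicators described above: the note's file name, its desktop location, and strings quoted from its text. This is an added example, not code from the original page; the function names, the two-marker confidence threshold and the sample directory tree are assumptions constructed for illustration.

```python
import os

NOTE_NAME = "kaenlupuf-note.html"  # file name given on the page
# Strings quoted from the ransom note text on the page.
NOTE_MARKERS = (
    "NOTE FOR YOU - MUST READ",
    "173MLPGRWdc6z91gQXBCHYVTkqTR9tMABb",
    "TOKEN - YOUR ID",
)

def note_markers_in(path, max_bytes=1_000_000):
    """Return the page-quoted markers present in the file (empty if unreadable)."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(max_bytes).decode("utf-8", errors="replace")
    except OSError:
        return []
    return [m for m in NOTE_MARKERS if m in text]

def scan_for_note(root):
    """Walk root and report every file named like the note, graded by content.

    Assumed grading: the file name plus two or more quoted strings is 'high'.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            markers = note_markers_in(path)
            findings.append({
                "path": path,
                "on_desktop": os.path.basename(dirpath).lower() == "desktop",
                "markers": markers,
                "confidence": "high" if len(markers) >= 2 else "low",
            })
    return findings

def build_sample_tree(base):
    """Constructed test data: one note-like file, one benign same-named file."""
    samples = {
        ("alice", "Desktop"): "<html><h1>NOTE FOR YOU - MUST READ</h1><p>"
        "173MLPGRWdc6z91gQXBCHYVTkqTR9tMABb</p><p>TOKEN - YOUR ID: XXXX</p></html>",
        ("bob", "Documents"): "<html>meeting notes</html>",
    }
    for parts, body in samples.items():
        folder = os.path.join(base, *parts)
        os.makedirs(folder, exist_ok=True)
        with open(os.path.join(folder, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write(body)
```

A low-confidence finding is a file that carries the note's name but none of its quoted text, which is worth a manual look rather than an automatic alert.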
MyCERT, an acronym for the Malaysia Computer Emergency Response Team, first developed Kaenlupuf. MyCERT is a software security provider that created Kaenlupuf as a ransomware Trojan to educate its staff and associated people. Kaenlupuf was used for exercises in the company. Unfortunately, at some point, Kaenlupuf was leaked and modified into a corrupted variant capable of carrying out effective attacks in the wild. This new variant of the original 2014 version of Kaenlupuf was first released in March 2017.