{"id":83413,"date":"2016-09-12T17:06:28","date_gmt":"2016-09-12T11:36:28","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=83413"},"modified":"2024-03-12T11:04:51","modified_gmt":"2024-03-12T05:34:51","slug":"be-careful-of-the-kmspico-activator-it-could-be-a-ransomware","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/be-careful-of-the-kmspico-activator-it-could-be-a-ransomware\/","title":{"rendered":"Be Careful of the KMSPico Activator &#8211; It could be a Ransomware!"},"content":{"rendered":"<p>If you are using KMSPico Activator for activating your Windows or MS Office, then you could be risking yourself to a ransomware infection. Quick Heal Threat Research Labs has recently observed a new variant of ransomware called Domino that is using this activator as a carrier. The malware encrypts the infected files and appends the extension \u201c.domino\u201d to the files.<\/p>\n<p><strong>How does the Domino ransomware enter its victim&#8217;s computer?<\/strong><\/p>\n<p>The ransomware pretends to be the <strong>KMSPico Windows Activator<\/strong> (a tool used to activate any version of Windows and Microsoft office). An unsuspecting user may install this tool thinking it to be the real one, and end up infecting their computer with the ransomware.<\/p>\n<p>Download this PDF for a technical analysis of this ransomware.<\/p>\n<p><a href=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2016\/09\/DOMINO_Ransomware_Analysis_PDF.pdf\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-82869\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2016\/05\/PDF-icon.png\" alt=\"PDF icon\" width=\"83\" height=\"84\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon.png 256w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-150x150.png 150w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-70x70.png 70w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-80x81.png 80w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2016\/05\/PDF-icon-45x45.png 45w\" sizes=\"(max-width: 83px) 100vw, 83px\" \/><\/a><\/p>\n<p>Quick Heal Anti-Ransomware Technology successfully detects the file encryption activity of the Domino ransomware.<\/p>\n<p><strong>Safety practices to stay safe against Domino ransomware and other destructive malware: <\/strong><\/p>\n<ul>\n<li>Only use licensed software and avoid pirated software<\/li>\n<\/ul>\n<ul>\n<li>Avoid downloading and installing activators for activating OS or other software<\/li>\n<\/ul>\n<ul>\n<li>Read and understand the privacy policy and risks involved while installing any software<\/li>\n<\/ul>\n<ul>\n<li>Back up all important files on a regular basis<\/li>\n<\/ul>\n<ul>\n<li>Run <a href=\"https:\/\/www.quickheal.co.in\/home-users\/quick-heal-total-security\" target=\"_blank\" rel=\"noopener\">antivirus<\/a> software on your computer and keep it up-to-date<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #666666;\">ACKNOWLEDGMENT<\/span><br \/>\nSubject Matter Expert<br \/>\n&#8211; Prashil Moon (Threat Research and Response Team)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are using KMSPico Activator for activating your Windows or MS Office, then you could be risking yourself to a ransomware infection. Quick Heal Threat Research Labs has recently observed a new variant of ransomware called Domino that is using this activator as a carrier. The malware encrypts the infected files and appends the [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":83416,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[910,5],"tags":[50],"class_list":["post-83413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ransomware","category-security","tag-ransomware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/83413"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=83413"}],"version-history":[{"count":6,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/83413\/revisions"}],"predecessor-version":[{"id":92376,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/83413\/revisions\/92376"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/83416"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=83413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=83413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=83413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}