Be Careful of the KMSPico Activator – It could be a Ransomware!

If you are using KMSPico Activator for activating your Windows or MS Office, then you could be risking yourself to a ransomware infection. Quick Heal Threat Research Labs has recently observed a new variant of ransomware called Domino that is using this activator as a carrier. The malware encrypts the infected files and appends the extension “.domino” to the files.

How does the Domino ransomware enter its victim’s computer?

The ransomware pretends to be the KMSPico Windows Activator (a tool used to activate any version of Windows and Microsoft office). An unsuspecting user may install this tool thinking it to be the real one, and end up infecting their computer with the ransomware.

Download this PDF for a technical analysis of this ransomware.

Quick Heal Anti-Ransomware Technology successfully detects the file encryption activity of the Domino ransomware.

Safety practices to stay safe against Domino ransomware and other destructive malware:

• Only use licensed software and avoid pirated software

• Avoid downloading and installing activators for activating OS or other software

• Read and understand the privacy policy and risks involved while installing any software

• Back up all important files on a regular basis

• Run antivirus software on your computer and keep it up-to-date

ACKNOWLEDGMENT
Subject Matter Expert
– Prashil Moon (Threat Research and Response Team)

Quick Heal Security Labs