If you are using KMSPico Activator for activating your Windows or MS Office, then you could be risking yourself to a ransomware infection. Quick Heal Threat Research Labs has recently observed a new variant of ransomware called Domino that is using this activator as a carrier. The malware encrypts the infected files and appends the extension “.domino” to the files.
How does the Domino ransomware enter its victim’s computer?
The ransomware pretends to be the KMSPico Windows Activator (a tool used to activate any version of Windows and Microsoft office). An unsuspecting user may install this tool thinking it to be the real one, and end up infecting their computer with the ransomware.
Download this PDF for a technical analysis of this ransomware.
Quick Heal Anti-Ransomware Technology successfully detects the file encryption activity of the Domino ransomware.
Safety practices to stay safe against Domino ransomware and other destructive malware:
Subject Matter Expert
– Prashil Moon (Threat Research and Response Team)