Stopping this particular malware from working is easy, since it uses BitTorrent: just block BitTorrent port 6969 in your firewall, the port that connects to this thing called a tracker that finds you IP addresses to download your files from. Then, according to the release history in the post above mine, the malware can't update itself anymore because BitTorrent doesn't work. It also stops it from spreading to other computers, so it helps prevent other people from getting infected too. This doesn't disable KryptoCibule from running though, and obviously this fix will only help you if you never torrent any files.
Long elaboration about how your computer can get infected and destroyed in general follows.
1. We should use antimalware, but this is just for "in case" purposes; it is very possible that certain malware can be developed to bypass the antimalware. Also, updating the antimalware is very important.
In most cases, malware can already evade detection by consumer anti-virus programs.
By default, antiviruses are dumb, which means they can't detect malware until the malware is analyzed at their labs, a signature that identifies it is created by the antivirus company, and then pushed out in an update. And a signature is not guaranteed to be made, especially if your AV is made by a niche company, because they have fewer security developers to analyze it. Think of all AV companies working independently, each one racing to make their own signature for the same malware, as quickly as possible. For legal reasons they can't share their teams and work together, and can't make signatures available to their fellow companies, and as a result of this you have each AV identifying the same malware using different heuristics, some of which are much less reliable than others. So there isn't even a way to positively identify a virus in a consistent manner, which would've convinced more users that the file they are trying to run is indeed malicious, since everyone would be talking about it and all the information about it would be available to every company.
Also, antiviruses only have the capability to quarantine the malware program itself. They can't stop a legitimate and clean program from downloading malicious files (especially in the case of BitTorrent, because it initially fills the files with empty data before it starts downloading), and they also can't stop a clean program that has been hijacked by a vulnerability from running malicious code, without terminating it and potentially losing your unsaved work. That's not something I'd call protection. What if the hijacked program is a system process like csrss.exe, and an AV terminates or quarantines it? Then the whole system will stop working.
Don't attach too much faith to antivirus updates. Sometimes, AV updates disable your computer entirely by accident with no way to fix it. It happened to Malwarebytes once when they pushed out an update for their AV. These updates are very rare, and are replaced in a matter of minutes, but they are also deadly. But there are more common ways for an antivirus to break your computer, and this applies to all AVs. Just update Windows to a new version and watch in horror as the incompatibilities between a new Windows update and the AV prevent the computer from booting. So then it turns out that, ironically, the antivirus, and not a virus, destroyed your computer.
This happens because Microsoft is not allowed to view the antivirus program's source code, it being a trade secret, so they can't test it for incompatibilities with the Windows updates they make. Except for Windows Defender, because that's also made by Microsoft. Windows Defender is now better than what it used to be.
I have been contemplating writing a topic explaining how bad and ineffective antivirus programs are at stopping malware. They have so many false positives that (according to bitcoin.org) even blockchain data is flagged as malicious by them. All the above is true for consumer AVs; I have no idea whether security suites designed for enterprises live up to their name or are just as bad as consumer AVs.
4. We should be mindful of pirated files.
I will try to explain this in simple terms. I visited places where pirated files are uploaded, called public trackers. These sites get so many users per month that almost all people who look for pirated stuff visit one of the public trackers. I am talking about The Pirate Bay and KickAssTorrents. Basically the only people who search for "crack" or "watch free" on Google are the ones who can't run BitTorrent because their ISP blocks it. And ever since Google removed piracy sites from its search results back in 2012, a side effect of that is that fake piracy sites with malware on them are higher up in search results (some even buy ad slots on the top page), so the anti-piracy update made it more likely for you to get malware by searching on Google.
When someone wants to pirate some software or movie they go to the page on the public tracker about it, click on the magnet link and then it opens the torrent in their BitTorrent client where it grabs the stuff from other people downloading the same file. It does not fetch a "crack" or installer that downloads the software or movie, like the cracks that you might have seen some shady blogs distributing. It always directly downloads the pirated content. We call this pirated thing "genuine".
Then there are the fake pirated files that you see when you go to a shady blog. The way they look is that they have a homepage full of blog posts about recent software or movies that have been pirated; they have actually been pirated before by someone else, but the download links are replaced by tiny Windows executables that install malware.
So pro-tip: I absolutely do not condone piracy, but if you see a Windows program that is really tiny, a few hundred kilobytes or 1 or 2 megabytes large, when you're looking for some pirated stuff to download, don't download it! By conventional rule, all pirated programs are distributed in .RAR files or as really large Windows programs. And if you're looking for a movie or TV show but you get a Windows program instead, that is definitely malware. You are supposed to directly receive the media file.
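As an added example, not written by the post's author, here is the firewall block from the first paragraph expressed as Windows Firewall rules in PowerShell. It assumes Windows 8 / Server 2012 or later (where the built-in NetSecurity cmdlets exist), an elevated session, and that the tracker port to block is 6969 as the post says; the rule name is an arbitrary choice. As the post notes, this blocks any tracker on that port, legitimate or not.

```powershell
# Added example: block outbound connections to remote port 6969 (the tracker port named in the post).
# Run from an elevated PowerShell session; cmdlets come from the built-in NetSecurity module.
$ruleName = 'Block outbound BitTorrent tracker port 6969'   # name is our own choice, not a Windows default

# Trackers can be reached over TCP or UDP, so create one rule per protocol.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "$ruleName ($proto)" `
        -Direction Outbound `
        -Protocol $proto `
        -RemotePort 6969 `
        -Action Block `
        -Profile Any `
        -Enabled True | Out-Null
}

# Verify that both rules exist and are enabled.
Get-NetFirewallRule -DisplayName "$ruleName*" |
    Select-Object DisplayName, Enabled, Direction, Action

# Confirm what the TCP rule's port filter actually matches (should show RemotePort 6969).
Get-NetFirewallRule -DisplayName "$ruleName (TCP)" | Get-NetFirewallPortFilter

# Audit: list any process that still has a TCP connection to remote port 6969.
# Once the rule is active, new connections cannot be established and this list should stay empty.
Get-NetTCPConnection -RemotePort 6969 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, RemoteAddress, State, OwningProcess
```

To undo the block later, `Remove-NetFirewallRule -DisplayName "$ruleName*"` removes both rules. Note that the rule only blocks the port, not the program: a client configured to use a tracker on a different port is unaffected, which is the limitation the post itself points out.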