Short Bytes: The developers of Apocalypse, have created a ransomware they call Kangaroo. After being installed via a remote connection, it encrypts the files and displays a ransom message for each file and also on the lock screen. It can be removed using System Restore.Kangaroo Ransomware is a new offering from the creator of Apocalypse ransomware. Its basic tasks are similar to other ransomware like Locky, encrypting files on the affected system and display a ransom demand message on the screen. But Kangaroo does it in a way which separates it from other ransomware.
Kangaroo makes changes to the Windows Registry in order to display a ransom message looking like a legal warning before the login screen. The message – including the contact details of the developer – can be easily bypassed allowing a user to login into the machine.
Here’s the message:
It encrypts the files and assigns the extension “.crypted_file” to them. For instance. myfile.txt becomes myfile.txt.crypted_file. Further, it also associates a text file having ransom message for each of the encrypted files, for instance, myfile.txt.crypted_file.Intructions_Data_Recovery.txt
Kangaroo tries to lure victims into contacting developers by displaying a lock screen having the email address, [email protected]. The victims have to provide their Personal ID assigned by the ransomware in order to get the Unlock Password and Kangaroo Decryption Software after paying money.
Normally, ransomware spread via email, software downloads. But in the case of Kangaroo ransomware, the hacker establishes a remote desktop connection to the victim’s computer and puts the ransomware manually.
There are methods, like System Restore, which can be used to remove Kangaroo Ransomware but it won’t result in retrieval of your data which can only be brought back using an existing backup file. One probable reason is the lack of information regarding what type of encryption the ransomware uses. If you consider paying a hefty amount of money to the developers, keep in mind, success is not guaranteed. You card details may be compromised during the payment process.
If you have something to add, tell us in the comments below.