
Kangaroo ransomware locks you out of Windows aside from encrypting your files

Kangaroo ransomware's boot lock screen

We have recently discussed ransomware getting alarmingly sophisticated, with cybercriminals upping their game to extort more money from their victims. This has been affirmed yet again by another type of ransomware that locks users out of their computers, rendering the machine unusable in order to convince them to finally pay up.

According to a report by Bleeping Computer, the Kangaroo ransomware stands out from common crypto-malware variants by displaying a fake legal notice right before a user logs in to their computer, similar to the DXXD ransomware. To make things worse, the malware prevents the victim from using Task Manager and disables Explorer.exe, the process responsible for displaying the Windows UI.

The ransomware is not spread through the usual methods, such as malicious downloads or compromised websites. Instead, an attacker has to manually get into a victim's computer over Remote Desktop. Once they have executed the Kangaroo ransomware, a window is shown displaying the victim's unique ID and the encryption key.

After this, the ransomware begins to encrypt files, appending the .crypted_file extension to each encrypted file's name. When finished, it displays a lock screen stating that there is a critical problem with the computer and that the victim's data has been encrypted, along with instructions on how to pay the perpetrators.

It doesn't stop there either: as mentioned earlier, it also displays a similar note whenever the victim boots up their computer, and disables certain features to further pressure them into handing over their money.

Unfortunately, there is no known method to decrypt the files. However, Bleeping Computer has found a way to disable the lock screen on boot: victims can boot into Safe Mode and disable the startup item that launches the malware. You can read more on how to do this here.

While following this method will let you boot into the system completely, it again does not help with decrypting the affected files.

At this point, as we always say, it helps to be wary of what we do on the internet, as this kind of malicious software can pop up out of nowhere and compromise a great deal of our personal and financial data.

Source and Images: Bleeping Computer
