We recently discussed how ransomware attacks are becoming alarmingly complex, and how cybercriminals are using advanced, modern technologies to raise their game and extort more money from their victims.
This has been confirmed again by another severe type of ransomware, one that locks users out of their computers or laptops and makes the machines unusable in order to convince the victims to finally pay the ransom.
The “Kangaroo Ransomware” is a brand-new contribution from the developer behind the Apocalypse Ransomware, Fabiansomware, and Esmeralda ransomware. Its fundamental tasks are much like those of other ransomware such as “Locky”: it encrypts all data present on the affected system and presents a ransom demand message on the victim’s screen.
The most interesting thing is that the “Kangaroo Ransomware” uses a legal notice as its ransom note, which is displayed to all victims before they log in to their computer or laptop.
The reason is simple: the “Kangaroo Ransomware” does this to present the ransom note to the victims before they are able to log in to their Windows PC or laptop.
According to the reports of Bleeping Computer, “This ‘Kangaroo Ransomware’ stands out from the common crypto-malware variants by utilizing a fake legal notice, which is displayed right before a user logs into their computer, similar to the DXXD ransomware. To make things worse, the malware prevents the victim from using Task Manager, as well as disabling Explorer.exe, which is responsible for displaying the Windows UI.”
Once the “Kangaroo Ransomware” is executed, a window appears that displays the victim’s unique ID and the encryption key. It then starts encrypting all the data present on the affected computer or laptop, assigns the extension “.crypted_file” to the encrypted files, and writes its ransom notes in the format “filename.Instructions_Data_Recovery.txt”. For example: test.jpg.Instructions_Data_Recovery.txt.
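The file naming described above is enough to scope the damage on a recovered disk or a backup mount. The following is an added example, not code from Bleeping Computer or from the malware analysis: it walks a directory tree and groups the two file indicators by original file name. It assumes the extension is appended to the original name (test.jpg becomes test.jpg.crypted_file), which the article does not state, and the sample tree it builds is constructed.

```python
import os
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".crypted_file"                     # extension named in the article
NOTE_SUFFIX = ".Instructions_Data_Recovery.txt"  # ransom-note pattern named in the article

def triage(root):
    """Map each original file path (relative to root) to the indicators seen.

    Assumption: the suffix is appended to the original file name.
    Matching is case-insensitive because Windows file names are.
    """
    hits = defaultdict(lambda: {"encrypted": False, "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            for suffix, kind in ((ENC_SUFFIX, "encrypted"), (NOTE_SUFFIX, "note")):
                if name.lower().endswith(suffix.lower()) and len(name) > len(suffix):
                    original = os.path.join(dirpath, name[:-len(suffix)])
                    hits[os.path.relpath(original, root)][kind] = True
    return dict(hits)

def summarize(hits):
    """List encrypted files, and notes whose encrypted file is no longer present."""
    encrypted = sorted(p for p, h in hits.items() if h["encrypted"])
    orphans = sorted(p for p, h in hits.items() if h["note"] and not h["encrypted"])
    return {"encrypted": encrypted, "orphan_notes": orphans}

def build_sample(root):
    """Create a constructed sample tree of empty files (no real malware output)."""
    names = [
        ("docs", "report.docx" + ENC_SUFFIX), ("docs", "report.docx" + NOTE_SUFFIX),
        ("pics", "test.jpg" + ENC_SUFFIX), ("pics", "test.jpg" + NOTE_SUFFIX),
        ("pics", "old.png" + NOTE_SUFFIX),  # note left behind, encrypted file gone
        ("pics", "clean.txt"),              # untouched file, must not match
    ]
    for folder, name in names:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        report = summarize(triage(sample_root))
        print(len(report["encrypted"]), "encrypted file(s):", report["encrypted"])
        print("notes without an encrypted file:", report["orphan_notes"])
```

Run it against a read-only mount of the affected volume so the triage itself does not alter timestamps or files.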
Currently, there is still no known method to decrypt the files. However, there is one way to disable the lock screen on boot, which was found by Bleeping Computer. To apply it, victims can boot Windows into Safe Mode and disable the startup item, which prevents the malware from starting.