Kangaroo Ransomware
The Kangaroo Ransomware is a ransomware Trojan that is used to force computer users to pay ransom to recover their files, which are taken hostage by this threat. The Kangaroo Ransomware is a variant of Apocalypse, a known ransomware Trojan that carries out a typical encryption ransomware attack. After encrypting the victim's files, the Kangaroo Ransomware will change the affected files' extensions to '.crypted,' making it simple to know which files have been compromised. The files encrypted by the Kangaroo Ransomware are no longer accessible. Essentially, the Kangaroo Ransomware takes the victim's files hostage and demands that the victim pays a large ransom to recover access to the compromised files. The Kangaroo Ransomware displays a pop-up message after the victim's files have been encrypted. The Kangaroo Ransomware also will drop text files named after each encrypted file in the same directories where the Kangaroo Ransomware carried out its encryption. The pop-up messages and the text files all display a ransom note, demanding that the victim pays a large ransom to recover the affected files.
The Kangaroo that Jumps into Your Wallet
The Kangaroo Ransomware's ransom note does not provide information about the exact nature of the encryption used in the Kangaroo Ransomware attack. However, it may not be possible to recover the files that have been encrypted using the Kangaroo Ransomware. Victims of the Kangaroo Ransomware attack are instructed to email the Kangaroo Ransomware's creators at the email address Kangarooencryption@mail.ru. The ransom demanded by ransomware like the Kangaroo Ransomware is between 0.5 and 1.5 BitCoins, ranging from approximately $400 USD to $1600 USD. In many cases, the people responsible for it will ignore the victim or even demand a higher payment amount. Because of this, PC security analysts strongly advise computer users to avoid paying the ransoms demanded by these con artists. Malware analysts do not advise supporting the creators of the Kangaroo Ransomware and allowing them to continue to develop these attacks. The best solution for a Kangaroo Ransomware attack is to restore the affected files from a backup after using a reliable security application to remove the Kangaroo Ransomware infection itself. Because of this, a fundamental aspect of dealing with the Kangaroo Ransomware and other encryption ransomware Trojans is to ensure that proper preventive measures are taken in a timely manner.
Dealing with the Kangaroo Ransomware and Preventing Similar Ransomware Attacks
The Kangaroo Ransomware is nearly identical to a wide variety of ransomware Trojans. This is because the people responsible for these attacks may recycle code, only changing superficial details such as the size of the ransom or the content of the ransom note itself. There may be slight differences in encryption types from one infection to the other. Like most ransomware Trojans, the Kangaroo Ransomware is delivered by using corrupted spam email messages. The Kangaroo Ransomware also may be delivered by including it in fake torrent files distributed on peer-to-peer file sharing networks. Since spam email is such a common avenue for infection, it is essential that computer users learn to handle emails and email attachments in a secure way. The following is the Kangaroo Ransomware's ransom text note:
'Windows has encountered a critical problem and needs your immediate action to recover your data. The system access is locked and all the data have been encrypted to avoid the information be published or misused. You will not be able to access to your files and ignoring this message may cause the total loss of the data. We are sorry for the inconvenenience.
You have to contact the email below along with your Personal Identification ID to restore the data of your system.
Your Personal Identification ID: -
Email: the Kangarooencryption@mail.ru
You will have to order the Unlock-Password and the Kangaroo Decryption Software. All the instructions will be sent to you by email.'
PC security analysts strongly advise against following the instructions contained in the ransom note above.
