BitKangoroo Ransomware

By GoldSparrow in Ransomware

The BitKangoroo Ransomware is a ransomware Trojan that, as part of its attack, will delete the victim's files completely. PC security researchers first received news of the BitKangoroo Ransomware in early May of 2017. The BitKangoroo Ransomware represents a real threat to victims' files and data due to the extreme nature of its attack. While many ransomware Trojans threaten to delete the victim's data, the BitKangoroo Ransomware follows through and deletes the victim's files if the ransom is not paid within a certain time. This may be in part to disguise the fact that a decryption application exists that can help PC users recover from a BitKangoroo Ransomware infection, which is not the case with most ransomware Trojans that are active today.

The Attack of this Kangaroo is Severe but Can be Defeated

The BitKangoroo Ransomware seems to be in development, and several of its features currently seem to be unfinished. One curious fact about the BitKangoroo Ransomware is that the word 'kangaroo' is misspelled, which is not so unusual when it comes to ransomware Trojans and ransom notes. The BitKangoroo Ransomware uses a combination of AES-256 and RSA encryption to make the victim's files completely unusable. After encrypting the victim's files, the BitKangoroo Ransomware will change their file extension to 'bitkangoroo,' making it easy to know which files have been lost to the BitKangoroo Ransomware encryptor. As part of its ransom note, the BitKangoroo Ransomware displays a countdown timer indicating that every hour the BitKangoroo Ransomware will delete one of the victim's files permanently. This countdown timer resets every hour, deleting a new file each time. Fortunately, the BitKangoroo Ransomware can be defeated, since a decryption program exists to help the computer users affected by the BitKangoroo Ransomware.

How the BitKangoroo Ransomware Tries to Take Money from PC Users

The BitKangoroo Ransomware uses an attack strategy typical of most ransomware Trojans. Like most ransomware threats, the BitKangoroo Ransomware will threaten the victim by encrypting the victim's files and then requesting the payment of a ransom through the use of a lock screen. The BitKangoroo Ransomware lock screen contains the following message, displayed on the victim's PC:

'Your desktop file have been encrypted.
To unlock them, pay 1 BTC to the following address...
Every hour you wait toiliamnN delete one of them.
Bitcoin address:
[RANDOM CHARACTERS]
Decryption key:
[TEXT BOX]
Decrypt my files
Time remaining: [COUNTDOWN STARTING FROM 48 HOURS]
Once you have paid, send the following email adding your bitcoin address:'

The BitKangoroo Ransomware appears to be still in development: in its current state it only encrypts files on the infected computer's desktop. The BitKangoroo Ransomware also includes code, not implemented yet, that causes the BitKangoroo Ransomware to delete all encrypted files when the victim enters an incorrect decryption key. The BitKangoroo Ransomware warns the victim of this through the following pop-up message:

'Are you sure the decryption key is correct? You have ONE attempt to insert the key! If it isn't correct, all your files will be deleted!'

The BitKangoroo Ransomware ransom note also includes a way to email the creators of the BitKangoroo Ransomware, by clicking on a button that opens an email form. This form allows the victim to email the people behind the BitKangoroo Ransomware at the email address bitkangoroo@mailinator.com.

Shooing this Kangaroo to Where it Belongs

If your computer has been infected with the BitKangoroo Ransomware, you can recover the affected files by using a decryption application that has been released publicly. A reliable security program that is fully up-to-date can help you intercept the BitKangoroo Ransomware and similar threats before they are installed on a computer. These infections can also be prevented by handling email attachments and other possibly unsafe material carefully, by exercising caution when browsing the Web, and by using secure passwords. Keeping file backups in the cloud or on an external device also helps defeat these attacks, since computer users can recover their files easily without having to resort to paying the ransom.

File System Details

BitKangoroo Ransomware may create the following file(s):
#   File Name   MD5                                Detections
1.  file.exe    266bdcb30e433d7edee1e3ddf83fffa1   0
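
Because one encrypted file is deleted every hour, copies of the encrypted files are worth securing before a decryptor is run. The following Python triage script is an added example, not code from this article or from any vendor tool: it copies every file carrying the 'bitkangoroo' extension to a separate directory and reports files whose MD5 matches the one listed above. The function names and directory arguments are assumptions made for the illustration.

```python
import hashlib
import shutil
from pathlib import Path

ENCRYPTED_SUFFIX = ".bitkangoroo"                 # extension named in the article
PAGE_MD5 = {"266bdcb30e433d7edee1e3ddf83fffa1"}   # file.exe, from File System Details


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, backup_dir, known_md5=PAGE_MD5):
    """Copy encrypted files out of root and list files whose MD5 is known-bad.

    Returns (preserved, suspects) as lists of paths relative to root.
    """
    root, backup_dir = Path(root).resolve(), Path(backup_dir).resolve()
    preserved, suspects = [], []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if backup_dir in path.parents:          # never re-copy our own backups
            continue
        rel = path.relative_to(root)
        if path.suffix.lower() == ENCRYPTED_SUFFIX:
            dest = backup_dir / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)            # originals are left untouched
            preserved.append(rel.as_posix())
        elif md5_of(path) in known_md5:
            suspects.append(rel.as_posix())
    return preserved, suspects


if __name__ == "__main__":
    import sys
    kept, bad = triage(sys.argv[1], sys.argv[2])
    print(f"preserved {len(kept)} encrypted file(s); hash matches: {bad or 'none'}")
```

Run it with the affected folder and a destination on separate media as the two arguments; a hash match only identifies that exact sample, so an empty result does not rule out a variant.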