K3n3dy Ransomware

The K3n3dy Ransomware is a new threat that has been observed in the wild. Ransomware is a class of malware that has been designed specifically to lock the files stored on any breached system. The hackers will then take the encrypted data as a hostage and extort their victims for money in exchange for the potential restoration. The K3nedy Ransomware follows that pattern almost to the letter.

Victims of the K3n3dy Ransomware will notice that all of their personal or work-related files now have different names. Indeed, the malware marks the files it encrypts by appending to them a new file extension consisting of ".k3n3dy' and a unique ID string that has been assigned to the particular victim. When the threat finishes its encryption process, it will proceed to deliver a ransom note with instructions from the cybercriminals. The note will be dropped on the infected system in the form of text files named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT.' A copy of the ransom-bearing file will be created in each folder containing encrypted files. 

The K3n3dy Ransomware informs its victims that if they want to restore their data, they will have to purchase the decryption key currently stored on the hacker's private server. For further details such as the exact sum of the ransom and the method used to transfer the money, users are directed towards the Tox instant-messaging app. As an alternative communication channel, the hackers also allow the use of the Jabber messenger. 

The full text of K3n3dy Ransomware's note is:

'ATTENTION!

All your files documents, photos, databases and other important files are encrypted

The only method of recovering files is to purchase a private key. It is on our server and only we can recover your files.

In message please write your ID and wait our answer:

1. Visit hxxps://tox.chat/download.html
2. Download and install qTOX on your PC.
3. Open it, click "New Profile" and create profile.
4. Click "Add friends" button and search our contact - F01116F7578E328D94BC9297DF61131DA66C85 0283BC4BD2D7487412EE4AE50F30C64E15747E

The alternative way to contact as is to use Jabber:

1. Visit hxxps://psi-im.org/download/
2. Download and install Psi on your PC.
3. Register new account on hxxps://jabb.im/reg/
4. Add new account in Psi.
5. Add our contact - k3n3dy@xmpp.cz

Please note, this is time limited offer. - within 10 days your private key will be deleted automatically and there will be no ways to get your files back.
DO NOT try to recover your files by yourself, it may damage your data'