
'.kali File Extension' Ransomware

By GoldSparrow in Ransomware

The '.kali File Extension' Ransomware is an encryption ransomware Trojan based on HiddenTear, a ransomware platform that has served as the basis for countless ransomware variants since it first appeared in August of 2015. Like most encryption ransomware Trojans, the '.kali File Extension' Ransomware takes the victim's files hostage by encrypting them, then demands a ransom payment in exchange for restoring access to the data. It uses AES 256 encryption to make the files inaccessible.

Symptoms of a '.kali File Extension' Ransomware Attack

Typically, the '.kali File Extension' Ransomware is delivered to the victim's computer through corrupted spam email attachments. Once installed, it uses AES encryption to make the victim's files inaccessible, targeting user-generated data such as files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The '.kali File Extension' Ransomware attack marks the files it encrypts with the file extension '.kali,' which is added to each compromised file. The '.kali File Extension' Ransomware delivers its ransom note in the form of a text file named 'HOW TO DECRYPT FILES.txt,' which contains the following message for the victim:

'ATTENTION ! ! !
The important files on your computer have been encrypted with military grade AES-256 bit encryption. The only way to get access to your files - enter the decryption key. We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the private key.
1. Send $500 worth of Bitcoin to following address:
3Ge8TedVhoYum3q1DAN42wVftkhH9MRVm2
If you don't know about Bitcoin you can buy it from here: www.coinbase.com or www.localbitcoins.com or try google.com
2. After payment send your ID and contact email to:
pouranesd@cliptik.net
YOUR ID: JZZZZ-DZZZZ-CZZZZ
and we will send INSTRUCTIONS and KEY for recovery.
IMPORTANT: YOU HAVE ONLY 48 HOURS FOR PAYMENT
PLEASE DON'T EVEN TRY TO RECOVER FILES BY YOURSELF
IN CASE IF YOU WILL TRY TO DO SOMETHING WITHOUT KEY
ACCESS TO YOUR FILES WILL BE PERMANENTLY LOST!
DON'T EVEN TOUCH ANYTHING!
OR ACCESS TO YOUR FILES WILL BE PERMANENTLY LOST!'

Protecting Your Data from the '.kali File Extension' Ransomware

The best protection against threats like the '.kali File Extension' Ransomware is a dedicated security program that is fully up to date, combined with backup copies of your data. Unfortunately, once the '.kali File Extension' Ransomware has encrypted the files, they cannot be decrypted without the decryption key. Because of this, file backups are the most likely way to restore any data lost in a '.kali File Extension' Ransomware attack.
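
Since restoring from backup is the recovery path, it helps to know exactly which files were hit. The following is an added example, not code from the original article: a scan that uses the two markers described above (the appended '.kali' extension and the 'HOW TO DECRYPT FILES.txt' note) to build a restore list. It assumes '.kali' is appended to the full original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

MARKER_EXT = ".kali"                      # extension the article says is appended
NOTE_NAME = "how to decrypt files.txt"    # ransom note name from the article, lowercased
# Subset of the targeted extensions listed in the article (assumption: a subset
# is enough to separate renamed victims from unrelated *.kali files).
TARGETED = {".jpg", ".png", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
            ".sql", ".txt", ".csv", ".zip", ".rar", ".psd", ".mp3", ".mp4"}

def scan(root):
    """Walk root and return {directory: {"note": bool, "restore": [...], "review": [...]}}."""
    report = defaultdict(lambda: {"note": False, "restore": [], "review": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()          # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                report[dirpath]["note"] = True
            elif lower.endswith(MARKER_EXT) and len(lower) > len(MARKER_EXT):
                original = name[:-len(MARKER_EXT)]   # name before the marker was appended
                inner = os.path.splitext(original)[1].lower()
                # High confidence when the original name carries a targeted extension;
                # otherwise keep it for manual review instead of discarding it.
                bucket = "restore" if inner in TARGETED else "review"
                report[dirpath][bucket].append(original)
    return dict(report)

def restore_list(report):
    """Flatten the report into sorted original paths to pull from backup."""
    return sorted(os.path.join(d, f) for d, r in report.items() for f in r["restore"])

def build_sample(root):
    """Constructed sample tree standing in for an affected user profile."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("budget.xlsx.kali", "Photo.JPG.KALI", "notes.kali",
                 "HOW TO DECRYPT FILES.txt", "untouched.pdf"):
        open(os.path.join(docs, name), "w").close()
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan(tmp)
        for path in restore_list(result):
            print("restore from backup:", path)
```

Run it read-only against a mounted copy of the affected volume; directories where the note is present but no '.kali' files appear are worth a manual look.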
