Kekpop Ransomware

The Kekpop Ransomware belongs to the class of malware threats designed to encrypt the files on breached computers and devices, thus preventing the victims from accessing their own information. Typically, ransomware threats can affect numerous file types, ranging from databases and archives to pictures, images and photos. Kekpop is no different, and the files it encrypts will be completely unusable. Victims have few options when it comes to the restoration of their data without having the necessary decryption keys.

However, unlike most ransomware threats, Kekpop doesn't simply append a new file extension to the names of the files it locks. Instead, the threat replaces completely the original names with a string of random characters followed by '.kekpop' as a new extension. Furthermore, the threat will create a file named 'ReadMe.html' on the victim's device. When opened, the file will display a ransom note with instructions.

Demands' Overview

The ransom-demanding message of the Kekpop threat is extremely brief. It lacks many crucial details usually found in the ransom notes of other threats of this type. Kekpop doesn't mention any email addresses or other communication channels that victims could potentially use to reach the attackers. The note also fails to say if the hackers responsible for Kekpop are willing to decrypt a couple of files for free, as a demonstration of their ability to restore all of the victim's data. Instead, the ransom note simply states that the cybercriminals expect to receive a ransom payment of $500. The funds must be transferred to the provided crypto-wallet address, with only the Bitcoin cryptocurrency being accepted.

The full text of the ransom note is:

'Your files are encrypted by kekpop.

You can get them back by paying $500 to this btc address Ox9NHVG8NVFGHG4HHHKBV.

If you dont pay this fee your files will be lost forever.'