So far, the KMA47 Ransomware threat has not been attributed to any of the currently established ransomware families. However, its behavior is no less dangerous. The threat is equipped with potent encryption capabilities that can leave users scrambling to find a way to access their personal or business data. KMA47 can affect a large set of file types and render them completely unusable. The cybercriminals can then proceed to extort all victims who wish to restore their valuable information.
In the aftermath of the KMA47 attack, users will notice that nearly all of their files now have '.encrypt' added to their original names. Furthermore, the threat also replaces the current desktop wallpaper with an image of its own. A ransom note will be dropped on the system inside a text file named 'read_me.txt'.
Ransom Note's Overview
The desktop wallpaper applied by the threat doesn't contain any meaningful information. It simply depicts a mirrored image of the Algerian national flag accompanied by the simple statement 'hacked by KMA 47.' The actual instructions can be found inside the text file created by the ransomware. It states that the restoration of the encrypted data is only possible with the decryption software and unique decryption key possessed by the hackers. The cybercriminals demand a ransom of $100 before they will assist their victims. The note mentions two email addresses that could be used to contact the attackers: 'firstname.lastname@example.org' and 'email@example.com'.
The full text of KMA47 Ransomware's note is:
HACKED BY KMA47
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. 100$
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:'
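The file-system traces described on this page (the '.encrypt' suffix, the 'read_me.txt' note and its 'HACKED BY KMA47' header) can be checked for during triage. The Python script below is an added example, not part of the original write-up; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".encrypt"    # suffix reported on this page
NOTE_NAME = "read_me.txt"        # ransom note file name reported on this page
NOTE_MARKER = "HACKED BY KMA47"  # first line of the note as quoted on this page


def scan_for_kma47(root, max_note_bytes=4096):
    """Walk root and collect the traces this page attributes to KMA47."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif lower == NOTE_NAME:
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        head = fh.read(max_note_bytes)
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
                # A benign read_me.txt is common; require the note header.
                if NOTE_MARKER in head.upper():
                    notes.append(path)
    # The suffix alone is generic, so flag only when both traces are present.
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "likely_kma47": bool(encrypted) and bool(notes)}


def build_constructed_sample(root):
    """Constructed sample tree (not real malware output) for an offline run."""
    os.makedirs(os.path.join(root, "docs"))
    samples = [
        ("docs/report.docx.encrypt", "x"),
        ("docs/photo.jpg.encrypt", "x"),
        ("docs/notes.txt", "untouched"),
        ("read_me.txt", "HACKED BY KMA47\nDon't worry, you can return all your files!\n"),
    ]
    for rel, text in samples:
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        result = scan_for_kma47(tmp)
        print(len(result["encrypted"]), "encrypted file(s),", len(result["notes"]), "note(s)")
```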