The authors of the once widespread KANGAROO ransomware have coined a new extortion tool that goes by another popular Russian name – Mischa. Whereas these two undoubtedly represent the same family and share some behavioral patterns, the latter is drastically different from its forerunner. The Mischa ransomware is a more ‘classic’ sample, because it encrypts the end user’s personal files rather than corrupting the Master File Table. This somewhat milder impact, which still allows the infected person to actually boot into Windows, doesn’t make the newcomer Trojan any less hazardous, though. It uses a cryptographic algorithm that’s strong enough to prevent data recovery through brute-forcing, which basically means that the victim runs the risk of losing all important files unless they pay up.
Remove KANGAROO virus: how to decrypt KANGAROO encrypted files http://guides.uufix.com/instructions-to-remove-kangaroo-ransomware/
The authors of KANGAROO, a new data-encoding trojan sample, appear to have fairly modest mercantile appetites as they extort an unusually low ransom of 0.1 Bitcoins, which converts to about 40 USD. This feature, though, doesn’t make such an attack incident any less abominable than the rest of the crypto malware assaults out there. The online criminals’ trump card in defrauding their victims of some savings is a rather strong cryptosystem leveraged in the course of the compromise.
The offending program makes use of a blend of AES-256 and RSA-2048 to turn one’s personal data into an array of inaccessible entities. It targets both the files stored locally and those residing on mapped network shares as well as external media that’s currently inserted into the infected computer running Windows or Linux. The range of file formats at risk isn’t very plentiful, covering objects with about 40 different extensions, as opposed to some ransomware variants that lock hundreds of types of data.
“Harmful” barely describes the effect of ransom trojans, because the damage tends to be tremendous. The only user who has nothing to worry about in the face of these attacks is one who doesn’t keep any information on their computer, which is fiction rather than a plausible scenario. Ransomware blocks access to data stored on local drive volumes as well as mapped network shares. The latest edition of the notorious KANGAROO infection does exactly that, appending the .LOL! extension to files and creating a document with recovery tips named “how to get data.txt” inside every path with encrypted entities. As a result, the victim can no longer open files saved in more than 130 different formats.
Remove KANGAROO virus: how to decrypt KANGAROO encrypted files
This approach relies on the native Windows backup of files on the computer, which is conducted at each restore point. There is an important condition to this method: it works if the System Restore feature was toggled on before the contamination. Also, if changes were made to a file after the most recent restore point, they won’t be reflected in the recovered file version.
• Use Previous Versions feature
The Properties dialog for any file has a tab called Previous Versions. That’s where the backed-up versions are displayed and can be recovered from. So right-click on a file, go to Properties, open the above-mentioned tab and select the Copy or Restore option, depending on the location you would like it recovered to.
• Apply ShadowExplorer
The above process can be automated with a tool called ShadowExplorer. It basically does the same thing (retrieving Shadow Volume Copies), but in a more convenient way. So download and install the application, run it and browse to files and folders whose previous versions you wish to be restored. To get the job done, right-click on any of the entries and select the Export feature.
• Backups
Out of all the options that aren’t ransom-related, this one is the best. If you had been backing up your information to an external server before the ransomware hit your PC, restoring the files encrypted by KANGAROO is as simple as logging into the respective interface, selecting the right files and initiating the restore. Before you do so, however, be sure to completely remove the ransomware from your computer.
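To know which files to select for a restore, the two markers described above (the appended .LOL! extension and the “how to get data.txt” note) can be used to inventory the affected folders. The following is an added example, not part of the original guide; it assumes the extension is simply appended to the original file name, and the sample tree it builds is constructed test data.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".lol!"           # extension named in the guide, matched case-insensitively
RANSOM_NOTE = "how to get data.txt"  # note file name given in the guide

def inventory(root):
    """Return {directory: {"note": bool, "originals": [names]}} for affected folders.

    "originals" holds names with the appended suffix stripped: the names to
    look for in a backup or under Previous Versions (assumption: plain append).
    """
    report = defaultdict(lambda: {"note": False, "originals": []})
    # onerror: skip unreadable directories instead of aborting the whole scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                report[dirpath]["originals"].append(name[: -len(ENCRYPTED_SUFFIX)])
    for entry in report.values():
        entry["originals"].sort()
    return dict(report)

def restore_list(report):
    """Flatten the inventory into sorted full paths of files to restore."""
    return sorted(os.path.join(d, n) for d, e in report.items() for n in e["originals"])

def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["report.docx.LOL!", "notes.txt", "how to get data.txt"],
        os.path.join("docs", "old"): ["budget.xlsx.lol!", "How To Get Data.txt"],
        "clean": ["photo.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in restore_list(inventory(tmp)):
            print(path)
```

Run it read-only against the affected volume or share; a folder that contains the note but no renamed files is still worth checking by hand.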