BitKangoroo ransomware aspires to become full-fledged crypto-malware
BitKangoroo virus is the name of a newly detected malware. For some, it mind remind of another file-encrypting virus, called Kangaroo ransomware which appeared last year. Once encryption process is finished, all of the users desktop files are encoded with AES-256 code and contain .bitkangoroo file extension[1]. Within a short while, the malware opens up its GUI. After each hour, if a victim fails to transfer 1 bitcoin which currently amounts for $1,658.03, the virus would delete one file. Interestingly, those users have only one attempt to enter the right decryption key. Otherwise, typing in the wrong code would result in the loss of desktop files. Luckily, IT researcher Michael Gillespie already found a cure – the decrypter can be downloaded below. However, do not forget to remove BitKangoroo before you proceed to data recovery.
Exerting psychological pressure on victims with the clock base is not a novelty. After BitKangoroo malware GUI appears, another email window pops up. I paid the ransom.html message contains bitkangoroo@mailinator.com entered in the sender‘s box. Mailinator is a public service which grants you the chance to generate an instant email address. This email is for single-time use only, but you may provide in websites which require registration to use certain services or use it for writing comments. Furthermore, the email is automatically deleted after a couple of hours, so it is one of the ways to cover your tracks. It may also serve for evading spam instead of providing your personal email. Likewise, the crooks also made sure to lower the risk of identification. This public email service was also used in a recent “Google Docs” computer worm campaign[2]. It may be only a coincidence, however, whether the possibility that it might be the same gang of felons should not be excluded. Luckily, there is no need to pay the ransom but instead, perform BitKangoroo removal. You may interfere with the process of the ransomware by reviewing tasks. The ransomware functions via BitKangoroo.exe file, so you may attempt to terminate it. You should make a rush to terminate before it fully deletes your Desktop files.
Transmission strategies of the malware
If you have been wondering how you managed to get infected with the malware, there are several possible options. Spam emails remain a popular method for distributing ransomware. Users often fall for the bait when they open a counterfeited invoice or package delivery email. Such emails would have a .zip folder with a .doc or .js file. Be vigilant and avoid opening the attachment without confirming the identity of a sender. In addition, install malware elimination tool in order to avoid a risk of encountering the trojan which carries out BitKangoroo attack. Currently, it is identified by several anti-virus tools under the names of W32.Ransomware.Gen or Trojan.MSIL.Filecoder. In addition, bear in mind that corrupted domains, disguising exploit kits may also facilitate the attack of ransomware.
Performing BitKangoroo removal procedure
It would be better to remove BitKangoroo virus manually, as it is capable of inflicting quite bothersome outcomes. For that purpose, you may use FortectIntego or MalwarebytesMalwarebytes tools to perform the elimination. In case, you cannot open an anti-virus or malware elimination utility, the below instructions might be instructive. Note that this process is only effective when finished BitKangoroo removal.
Was this guide helpful?
Be the first to comment