Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Apr 2017

How to remove Kampret ransomware virus

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Lucia Danes · Virus researcher

Kampretos ransomware is ready to sink its teeth into your files

The name of Kampret virus is derived from Indonesian meaning “bat.” It is already known that it is has been created on the basis of open-source HiddenTear ransomware[1]. Unfortunately, its availability on the dark market paves the way for multiple wannabe hackers to engage in illegal activities. Regarding several ransomware recently emerged on the market, some of them are the “masterpieces” of supposed teenagers. Likewise, the author of Kampretos malware either accidentally or intentionally gives in the details which might suggest his or her identity. “Kampret” and the use of “bakpao” suggest that the fraudster is either an Indonesian residing in the Netherlands. On the other hand, these hints might be just intentionally counterfeited to divert attention. Despite the mocking image of the virus, it still operates as a file-encrypting threat. Find out how you can lower the risk of the hijack. In case, it already settled on the system, it is high time you initiated Kampret removal.

According to the ransom message, the hacker is not very modest[2]. It demands 0,5 BTC which, at the moment, equals 605.13 USD. It is known that the malware encrypts data with AES encryption technique. Unfortunately, it generates a complex key which needs a matching private key[3]. It also appends .lockednikampret file extension to affected files. READ_ME.txt message is rather scarce and does not provide much information about its origin. Unlike other file-encrypting threats, it does not scare victims with the elapsing time or does not alarm with the ransom sum doubling after the expiration of the indicated time[4]. Instead, it only mocks victims to transfer 0,5 BTC for a coffee and a “backpao.” It provides one email for public communication kampretos@protomail.com. Even though that the malware encodes files, there is no need to follow the scenario devised by this felon. It would be better to remove Kampret right away.

Kampret malware example

Avoiding the malware

Modern hacking techniques reveal that crooks become more insidious and crafty about devising a profitable hacking technique. Usually, they fish for victims by spamming them with fraudulent emails. In order to convince them in opening the necessary attachment, they impersonate the officers of an official institution. In addition, they might fool victims with the fake lottery. Do not rush into opening a questionable email without verifying its sender[5]. In addition, Kampretos hijack also happens with the assistance of Ransom_CRYPTEAR.SM, Gen:Heur.Ransom.HiddenTears.1, Win32:Evo-gen [Susp], etc. Its file, FB_1.tmp.exe, might be placed in a .zip folder and named as “invoice.” You should also arm up with proper security tools, such as FortectIntego or MalwarebytesMalwarebytes, to diminish the risk of getting infected with Kampret ransomware.

Eliminating Kampretos malware

When it comes to file-encrypting threat, it is not recommended to deal with it manually. Install malware elimination utility and launch it. If you cannot open the anti-spyware utility, use the advice provided in the instructions indicated below. Either Method 1 or Method 2 will help you regain access. Then you will be able to continue Kampret removal. Though there is no official decrypter released yet, you might benefit from the suggestions shown under “Bonus recovery” instructions.

2 comments

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.