Katafrack threatens users into paying the ransom

Katafrack is an updated[1] variant of Ordinal ransomware. Malware is based on HiddenTear open source project and uses AES-256 cryptography to corrupt files on the targeted system. Once the destructive task is over, crypto-virus provides data recovery instructions in the “READ-ME-the TO-the GET-YOUR-FILES-BACK.txt” file.
The text file includes a short message about the unpleasant situation and informs what victims have to transfer 0.02 Bitcoins and send unique ID number to OrdinalScale@protonmail.com email address:
Your files is have Been encrypted by ransomware Ordinal
Below is the information you will of your Up Need to decrypt the files is
of After That, you'll the BE Able to see your beloved files is again.
Email: OrdinalScale@protonmail.com
The BTC the Address: [xxx]
the ETH the Address [xxx]
the Amount of Post Send the To: 0.02 The BTC
Identification: [xxx]
Additionally, Katafrack virus delivers one of two lock-screen messages. Ransomware might shoe either green or red windows with identical information. Crooks promise to respond within 12-24 hours and send decryption program with a specific key which is said to be deleted within 7 days since the attack. However, security experts warn that it might never happen.
There are numerous cases when ransomware developers did not keep their word and left people without encrypted files. Therefore, victims of the Katafrack ransomware are suggested remain calm and do not pay attention to crooks’ threats.
Even though they tell not to remove Katafrack from the system or try alternative recovery methods, that’s exactly what you should do. The virus makes critical changes to the system and makes it vulnerable. Thus, you won’t be able to use the computer without criminals breathing behind your back.
Therefore, we highly recommend terminating this malicious program from the device using FortectIntego or another anti-malware program. Please do not try to perform manual Katafrack removal because it is most likely to end up with a damaged system. Ransomware injects malicious code into legit processes and might modify Registry, so only reputable tools can clean the PC without damaging it.

Things to know about ransomware distribution
The file-encrypting virus spreads via malicious spam emails and their attachments,[2] malicious ads, fake updates and downloads. Thus, you should watch out your downloads and clicks. Before making a move, always make sure that content is safe.
Additionally, ransomware can take advantage of weak RDP configuration, outdated software and unpatched systems. Thus, using up-to-date programs and keeping antivirus installed should minimize the risk of the cyber attack.
However, security experts from Bedynet.ru[3] warn that crypto-viruses are sneaky and might manage to find a way to users’ computers. Thus, keeping backups is a must to prevent important data loss.
Removal of the Katafrack malware
As we have mentioned before, you should not try to locate and terminate ransomware-related entries from the computer. It’s a complicated cyber threat that should be treated properly. For this reason, you have to remove Katafrack with a security program, for instance, FortectIntego or MalwarebytesMalwarebytes.
However, malware might be designed to block antivirus activity. Thus, you should disable the virus first. The guide below will show you two methods how to do it and run automatic Katafrack removal successfully. Additionally, you will find data recovery suggestions that might help to get back some of the files.
Was this guide helpful?
Be the first to comment