BitKangoroo Ransomware Erases Files if Ransom is Not Paid in Time


Although BitKangoroo is still in development, the ransomware erases users’ files if they don’t pay the ransom in time.

The malware doesn’t look like the work of an experienced developer, and it is currently capable of encrypting only files located in the Desktop folder. However, considering its ability to delete users’ files, BitKangoroo has the potential to become a very dangerous threat in the future.

As soon as the malware enters the PC, it starts encrypting the user’s files using AES-256 encryption and appends the .bitkangoroo extension to each affected file. When the process is completed, a ransom message shows up, informing the victim that their files have been encrypted and that 1 Bitcoin must be paid to the attackers to release the data.

In addition, the message warns that one file will be deleted every hour until the ransom has been paid, and a countdown is displayed on the PC monitor. After deleting an encrypted file, BitKangoroo resets the timer to 60 minutes.

BitKangoroo is not the first ransomware family capable of deleting the user’s data if a payment isn’t made. However, previous threats gave victims a longer period of time before taking such action.

The good news is that the malware’s encryption has already been cracked and a free decryption tool, named BitKangarooDecrypter, has been released.

Unfortunately, the malware creators included code meant to delete all of the encrypted files if the victim enters the wrong decryption key (a warning message is displayed when the user clicks on the Decrypt my files button). However, the code isn’t working and the ransomware can’t erase the user’s data.

The message displayed by BitKangoroo ransomware also includes a Bitcoin address telling victims where to send the ransom payment, and gives them the option of contacting the malware creators via email. Currently, the email address is bitkangoroo@mailinator.com.
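Because one encrypted file is removed every hour while a free decrypter exists, a responder's first step is to copy the encrypted files out of the ransomware's reach. The following Python sketch is an added example, not part of the original article or of any vendor tool: it copies every .bitkangoroo file under a Desktop folder to a separate location and verifies each copy by SHA-256. The folder names, the constructed sample files and the decision to walk subfolders are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

EXT = ".bitkangoroo"  # extension the article says is appended to encrypted files


def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_encrypted(desktop: Path, vault: Path) -> dict:
    """Copy each *.bitkangoroo file under `desktop` into `vault`, keeping the
    relative path; return {relative_path: sha256} for the verified copies."""
    manifest = {}
    for src in sorted(desktop.rglob("*")):
        if not src.is_file() or src.suffix.lower() != EXT:
            continue  # leave unencrypted files and directories alone
        rel = src.relative_to(desktop)
        dst = vault / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy only: never move or alter the original
        digest = sha256(src)
        if sha256(dst) != digest:
            dst.unlink()
            raise OSError(f"copy of {rel} does not match its source")
        manifest[rel.as_posix()] = digest
    return manifest


def demo() -> dict:
    # Constructed sample tree standing in for an affected Desktop folder.
    with tempfile.TemporaryDirectory() as tmp:
        desktop, vault = Path(tmp, "Desktop"), Path(tmp, "vault")
        (desktop / "work").mkdir(parents=True)
        (desktop / "report.docx.bitkangoroo").write_bytes(b"constructed ciphertext 1")
        (desktop / "work" / "plan.xlsx.BITKANGOROO").write_bytes(b"constructed ciphertext 2")
        (desktop / "notes.txt").write_bytes(b"untouched file")
        manifest = preserve_encrypted(desktop, vault)
        # Simulate the hourly deletion: the original goes, the copy stays.
        (desktop / "report.docx.bitkangoroo").unlink()
        return {"manifest": manifest,
                "survived": (vault / "report.docx.bitkangoroo").exists()}
```

The vault should sit on storage the infected session cannot write to, and the manifest lets the decrypted output be matched back to the preserved ciphertext later.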

Nelly Vladimirova
Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated from the University of Plovdiv, Bulgaria, with a Bachelor's degree in English Philology and a Master's degree in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott's College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.
