Kangaroo Ransomware
Posted: November 4, 2016
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not indicate that a large number of systems has been infected. Threats with a high detection count could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 87 |
| First Seen: | November 4, 2016 |
| OS(es) Affected: | Windows |
The Kangaroo Ransomware is a Trojan whose code is a branch from the Apocalypse Ransomware, a family of threats notable for the lack of discrimination in their data-enciphering attacks. Besides using encryption as a way of blocking you from your PC's content, the Kangaroo Ransomware also creates potentially misleading pop-up messages and ransom demands, supposedly for helping you recover the encoded data. Malware experts still recommend using anti-malware tools supported by backups to remove the Kangaroo Ransomware and save your information from being lost permanently.
The Kangaroo Ransomware: the Next Jump by Apocalyptic Trojans
A Trojan's development rarely stops once its authors make a public release. A family of threats, particularly one in the RaaS (or 'Ransomware as a Service') category, can continue seeing updates and project forks that, in due time, result in significantly different threats. One smaller but still active family that malware experts are examining is the Apocalypse Ransomware, which has seen entries including the SecureCryptor Ransomware, the Al Namrood Ransomware, the Esmeralda Ransomware, and the newest, the Kangaroo Ransomware.
The Kangaroo Ransomware installs itself as a fake Windows executable and, like the Apocalypse Ransomware, queries the contents of the entire local hard drive. The Trojan encrypts most files on the drive, excluding ones required by Windows, which prevents the victim from opening any personal or work-related media.
The Trojan's campaign also relies on a degree of social engineering sleight-of-hand. Its ransom message, which the Kangaroo Ransomware always launches in the format of a Windows pop-up, places the victim under a timer before it deletes their files and implies that it is a warning from the operating system itself about a 'critical error' that requires ordering the Kangaroo Decryption Software. The desktop may be inaccessible until the user terminates the Kangaroo Ransomware's window.
A Skip and a Hop Over a New Try at Old Ransoming Actions
The Kangaroo Ransomware continues offering those harmed by its campaign an 'easy out' from its attacks by giving them user-friendly interfaces for providing ID and decryption information to its admin, who may opt to help them recover their data after receiving the ransom. Just as often, a con artist may ignore any obligation implied by taking the money or provide decryption solutions that cause additional damage to the encoded content. Malware experts tend to recommend using free decryption solutions, if necessary, particularly for members of the Apocalypse Ransomware's family, which public decryption programs have cracked in older campaigns.
The Kangaroo Ransomware's installation includes such potentially threatening earmarks as tampering with Windows security drivers, modifying your Windows directory, abusing file-deletion rights, and conducting unauthorized network activity. However, its payload requires encrypting a majority of your hard drive, which can potentially take considerable time. Within that duration, your anti-malware products should be capable of removing the Kangaroo Ransomware and minimizing the damage to the drive.
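The time window described above, during which the Trojan is still working through the drive, is what behavioural ransomware detection relies on. The following script is an added example and is not code from the original article or from any anti-malware product it mentions: it parses constructed file-activity log lines (the line format, process names, paths and thresholds are all assumptions) and flags any process that rewrites many user files across several folders within a short sliding window, while ignoring activity under the Windows directory, which the article says the Trojan leaves untouched.

```python
import re
from collections import Counter, defaultdict, deque
from typing import Dict, List, NamedTuple, Tuple


class FileEvent(NamedTuple):
    ts: float      # seconds since monitoring started
    pid: int
    process: str
    op: str        # write | rename | delete | read
    path: str


# Hypothetical line format of a file-activity monitor (an assumption for this
# example, not any real product's log format).
LINE_RE = re.compile(
    r"^t=(?P<ts>[\d.]+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) "
    r"op=(?P<op>\w+) path=(?P<path>.+)$"
)

# The article states the Trojan leaves Windows-required files alone, so
# activity under the Windows directory is not counted toward the heuristic.
SYSTEM_PREFIXES = ("c:\\windows\\",)
MODIFYING_OPS = {"write", "rename", "delete"}


def parse_line(line: str) -> FileEvent:
    """Parse one monitor line into a FileEvent; raise on malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable event line: {line!r}")
    return FileEvent(float(m["ts"]), int(m["pid"]), m["proc"],
                     m["op"].lower(), m["path"])


def is_user_data(path: str) -> bool:
    return not path.lower().startswith(SYSTEM_PREFIXES)


def parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def mass_modification_alerts(events: List[FileEvent], window: float = 10.0,
                             threshold: int = 50, min_dirs: int = 3
                             ) -> Dict[int, Tuple[str, int, int]]:
    """Flag processes that modify >= `threshold` user files spread over
    >= `min_dirs` directories inside any sliding window of `window` seconds.
    Returns {pid: (process name, peak file count, directories at peak)}."""
    by_pid: Dict[int, List[FileEvent]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op in MODIFYING_OPS and is_user_data(ev.path):
            by_pid[ev.pid].append(ev)

    alerts: Dict[int, Tuple[str, int, int]] = {}
    for pid, evs in by_pid.items():
        recent: deque = deque()
        dirs: Counter = Counter()
        for ev in evs:
            recent.append(ev)
            dirs[parent_dir(ev.path)] += 1
            # Drop events that have fallen out of the sliding window.
            while ev.ts - recent[0].ts > window:
                old = recent.popleft()
                d = parent_dir(old.path)
                dirs[d] -= 1
                if dirs[d] == 0:
                    del dirs[d]
            if len(recent) >= threshold and len(dirs) >= min_dirs:
                prev = alerts.get(pid)
                if prev is None or len(recent) > prev[1]:
                    alerts[pid] = (ev.process, len(recent), len(dirs))
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample events: three benign patterns plus one ransomware-like
    burst. Process names and paths are made up for this example."""
    lines = []
    for i in range(5):  # a user saving a few documents
        lines.append(f"t={i * 2.0} pid=1000 proc=winword.exe op=write "
                     f"path=C:\\Users\\alice\\Documents\\report{i}.docx")
    for i in range(80):  # a build tool: many writes, but all in one directory
        lines.append(f"t={1.0 + i * 0.05} pid=2000 proc=cl.exe op=write "
                     f"path=C:\\Users\\alice\\src\\build\\obj{i}.o")
    for i in range(200):  # servicing activity under C:\Windows, ignored
        lines.append(f"t={i * 0.01} pid=3000 proc=TiWorker.exe op=write "
                     f"path=C:\\Windows\\servicing\\pkg{i}.cab")
    folders = ["Documents", "Pictures", "Desktop", "Music"]
    for i in range(120):  # one process rewriting files across user folders
        folder = folders[i % len(folders)]
        lines.append(f"t={5.0 + i * 0.05} pid=4000 proc=suspect.exe op=rename "
                     f"path=C:\\Users\\alice\\{folder}\\file{i}.dat")
    return lines


def detect_sample() -> Dict[int, Tuple[str, int, int]]:
    return mass_modification_alerts([parse_line(l) for l in build_sample_log()])


if __name__ == "__main__":
    for pid, (name, count, ndirs) in detect_sample().items():
        print(f"ALERT pid={pid} {name}: {count} user files in {ndirs} folders "
              f"within 10s")
```

The build tool and the document editor never trigger, because the heuristic requires both volume and spread across directories; the burst that touches four user folders is the only process reported. In a real deployment the thresholds would be tuned per host, and the alert would feed a response action such as suspending the process and preserving volume shadow copies, which is where the article's "within that duration" window is won or lost.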
Above all else, the easiest way to keep this new version of a Windows 'Apocalypse' from targeting your PC is to practice safe PC behavior, such as running anti-malware scans on downloaded files before opening them.
don't pay
We and many other "customers" of theirs paid 3 to 7 BTC and got absolutely nothing from them to decrypt our data. They always want much more BTC.