BitKangoroo Ransomware is another crypto-virus threat that recently struck the cyber-security world. This file encoder was first detected by a malware researcher known as Lawrence Abrams. Security analysts suspect that the ransomware may be a product of a Hidden Tear or EDA2-like independent project. However, the functionality of this file-encrypting threat is identical to that of the infamous Barrax Ransomware. Like most encoding threats, this ransomware is designed for a single purpose: to encrypt files and demand a ransom from the user. To start its malicious process, the ransomware silently enters the targeted computer and begins scanning the available drives. It is capable of encrypting the different types of files used on a Windows computer. To encrypt its targeted files, the ransomware uses AES-256 cryptography. After encryption, the only way to decrypt the files is with the decryption key.
The Encryption Process Of BitKangoroo Ransomware
After arriving on the system, BitKangoroo Ransomware modifies the system startup settings and creates new entries in the Windows registry. It does this to gain persistence, which lets it start its process automatically. The ransomware then deletes the Windows shadow volume copies, which makes decryption more difficult. Although it claims to encrypt any file stored on the compromised system, reports suggest that it only encodes the files stored on the desktop. Every file encrypted by this trojan gets the .bitkangoroo extension added to it. Files with the .bitkangoroo extension cannot be opened without the unique decryption key. Antivirus vendors detect the files associated with this ransomware as:
- Static engine – malicious
- Malicious_confidence_62% (W)
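A read-only triage script for the three behaviours described above: the .bitkangoroo extension on desktop files, new autostart registry entries, and deleted shadow copies. It is an added example, not part of the original article or of any vendor tool; the desktop paths and Run/RunOnce keys are generic Windows locations assumed here, because the article does not name the exact entries the ransomware creates.

```powershell
# Read-only triage: nothing is modified or deleted.
# Run from an elevated prompt so HKLM and shadow-copy queries are not filtered.
$ext = '.bitkangoroo'   # extension stated in the article

# 1. Encrypted files on each local profile's Desktop folder.
#    Assumption: desktops live under <SystemDrive>\Users\<name>\Desktop
#    (redirected or OneDrive-backed desktops are not covered).
$desktops = Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'Desktop' } |
    Where-Object { Test-Path -LiteralPath $_ }
$encrypted = @(foreach ($d in $desktops) {
    Get-ChildItem -LiteralPath $d -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $ext } |
        Select-Object FullName, Length, LastWriteTime
})

# 2. Autostart entries. Every value is listed so an analyst can spot the
#    unfamiliar one. Assumption: the standard Run/RunOnce keys are checked
#    because the article only says "new entries in Windows registry".
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$autoruns = @(foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $k; Name = $name; Command = $key.GetValue($name) }
    }
})

# 3. Volume shadow copies. Zero copies on a machine that normally keeps
#    restore points is consistent with the deletion step described above.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

"Encrypted files found : $($encrypted.Count)"
$encrypted | Sort-Object LastWriteTime | Format-Table -AutoSize
"Autostart entries     : $($autoruns.Count)"
$autoruns | Format-List
"Shadow copies present : $($shadows.Count)"
$shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize
```

The earliest LastWriteTime among the encrypted files gives an approximate start time for the encryption run, which helps when matching it against autostart entries and other logs.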
What Happens After The Encryption?
Upon encryption, BitKangoroo Ransomware drops a ransom note on the desktop of the compromised system. The ransom note is displayed in a window titled BitKangoroo. Its purpose is to inform the user about what has happened to their files and to demand a ransom from them. According to the ransom note, the victim will have to pay 1 Bitcoin (1737 USD). It also warns the victim to make the payment within 48 hours, otherwise the ransom amount gets decreased. It also asks users to contact the email@example.com address if they want to know more about decryption. Here you can see the text written in the ransom note:
Dealing With BitKangoroo Ransomware
We know that every file is important to you, but it is still advisable not to pay the ransom or contact the provided email ID. There is no guarantee that you will get the decryptor even if you pay the money. Fortunately, malware researchers have succeeded in cracking the ransomware and created a decryptor for it, known as “BitKangarooDecrypter”. Users can download this decryptor to decrypt their files for free. But remember that if you leave the ransomware on your system, it may get updated, and you will then not find a decryptor for the new version. Therefore, always create a backup and remove BitKangoroo Ransomware as soon as possible.
Removal Instructions Of BitKangoroo Ransomware
If your computer has been infected by the ransomware, you should remove it soon, otherwise it will bring other threats. To remove it manually from your system, you can use the following manual removal steps.
Step 1: Boot Your System In Safe Mode With Networking
- From the Start menu, click on Restart.
- When the PC starts booting, press the F8 key continuously.
- The Advanced boot menu will appear.
- Select Safe Mode With Networking and press Enter.
Step 2: Remove Ransomware-Related Entries From The Registry
- Press the Windows + R keys at once.
- It will launch the Run box.
- Then type “regedit” to start the Windows Registry Editor.
- Search for ransomware-related entries.
- Click on the Disable option to remove them.
Step 3: Remove BitKangoroo Ransomware From Task Manager
- Press Ctrl + Shift + Esc keys simultaneously.
- It will launch the Windows Task Manager.
- Under Windows Task Manager, click on the Processes tab.
- Search for ransomware-related processes.
- Then click on the End Task button.
Note: Threats like ransomware or trojans create several files in different locations on the system, so the manual steps may not remove them completely. Therefore, it is recommended to use Free-scanner, which removes the ransomware and all its files continuously.