Kangaroo Ransomware

Kangaroo Ransomware Description

The Kangaroo Ransomware is a Trojan whose code is a branch from the Apocalypse Ransomware, a family of threats notable for the lack of discrimination in their data-enciphering attacks. Besides using encryption as a way of blocking you from your PC's content, the Kangaroo Ransomware also creates potentially misleading pop-up messages and ransom demands, supposedly for helping you recover the encoded data. Malware experts still recommend using anti-malware tools supported by backups to remove the Kangaroo Ransomware and save your information from being lost permanently.

The Kangaroo Ransomware: the Next Jump by Apocalyptic Trojans

A Trojan's development rarely stops once its authors make a public release. A family of threats, particularly one in the RaaS (or 'Ransomware as a Service') category, can continue seeing updates and project forks that result in significantly different threats, in due time. One smaller, but still active family malware experts are examining is the Apocalypse Ransomware, which has seen entries including the SecureCryptor Ransomware, the Al Namrood Ransomware, the >Esmeralda Ransomware, and the newest, the Kangaroo Ransomware.

The Kangaroo Ransomware installs itself as a fake Windows executable and, like the Apocalypse Ransomware, queries the contents of the entire, local hard drive. The Trojan encrypts most files on the drive, excluding ones required by Windows, which prevents the victim from opening any personal or work-related media.

The Trojan's campaign also relies on a degree of social engineering sleight-of-hand. Its ransom message, which the Kangaroo Ransomware always launches in the format of a Windows pop-up, places the victim under a timer before it deletes their files and implies that it's a warning by the operating system, itself, of a 'critical error' that requires ordering the Kangaroo Decryption Software. The desktop may be inaccessible until the user terminates the Kangaroo Ransomware's window.

A Skip and a Hop Over a New Try at Old Ransoming Actions

The Kangaroo Ransomware continues offering those harmed by its campaign an 'easy out' from its attacks by giving them user-friendly interfaces for providing ID and decryption information to its admin, who may opt to help them recover their data after receiving the ransom. Just as often, a con artist may ignore any obligation implied by taking the money or provide decryption solutions that cause additional damage to the encoded content. Malware experts tend to recommend using free decryption solutions, if necessary, particularly for members of the Apocalypse Ransomware's family, who have been cracked by public decryption programs in old campaigns.

The Kangaroo Ransomware's installation includes such potentially threatening earmarks as tampering with Windows security drivers, modifying your Windows directory, abusing file-deletion rights, and conducting unauthorized network activity. However, its payload does require encrypting a majority of your hard drive, which, potentially, can require extensive time. Within that duration, your anti-malware products should be capable of removing the Kangaroo Ransomware and minimizing the damage to the drive.

Above all else, the easiest way to keep this new version of a Windows 'Apocalypse' from targeting your PC is to practice safe PC behavior, such as running anti-malware scans on downloaded files before opening them.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Kangaroo Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Posted: November 4, 2016
Threat Metric
Threat Level: 10/10
Infected PCs 87
Home Malware Programs Ransomware Kangaroo Ransomware

One Comment

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.