Kappa Ransomware is one of the nastiest infections recently detected by specialists working at 411-spyware.com. There is no doubt that it will ruin your files (e.g. images, documents, and videos) if it ever enters your computer. Luckily, it is not actively distributed yet because it is still in development; however, the chances are high that this will change soon, so you must be as careful as you can. If you are reading this article not out of curiosity but because this infection has already entered your system, eliminate it as soon as possible. Unfortunately, removing it will not unlock your files, but it will prevent the ransomware from touching any new files. Although Kappa Ransomware does not work properly yet (e.g., the Bitcoin address window reads “This is a test”), there is no doubt that it has only one goal – to obtain money from users. The amount of money users will be asked to pay in exchange for decrypted files is unknown (at the time of writing, the Amount box contained only the two words “Your mother”), but the size of the ransom is not the most important thing because our specialists still do not recommend sending money to malicious software developers. The encrypted files can be restored for free from a backup once Kappa Ransomware has been removed from the system.
Kappa Ransomware starts encrypting .jpg, .jar, .pka, .pkk, .rem, .toast, .txt, .ico, .xlm, .pps, .au3, .mov, and other files as soon as it finds where they are located. The files are locked with an AES key, so unlocking them will not be easy. Frankly speaking, it might even be impossible without the special tool. Cyber criminals claim to have it stored on a secret server, but you should not send them money to get it because the chances are high that they will not give you anything. Simply removing the .OXR extension appended to the files will not unlock them. You can only restore them from a backup, if you have one. The malware must be removed from the system first!
Encrypted files are not the only thing you will find on your system if cyber criminals start actively distributing Kappa Ransomware and it manages to enter your computer one day. After successfully entering the system and encrypting files, this threat also drops two .txt files: 1 What happens with my files.txt (explains what has happened to the files and how users can fix them) and 1 How to buy Bitcoin.txt (explains how to purchase Bitcoins and transfer the ransom in exchange for decrypted files). You should also find a black window with a ransom note open on your screen. It is not a screen-locking window – you can easily dismiss it by clicking X.
Research conducted by specialists has also shown that Kappa Ransomware is one of those ransomware infections that collect information about victims. It is mainly interested in technical details such as the MAC address, computer name, account name, CPU model, motherboard model, etc. Some of these details are sent to its server, whereas others are used to generate a unique user ID (########-################-############) consisting of letters and numbers. This is one more reason it should not be allowed to stay on your computer.
It is unclear how this infection will be distributed because it is still in development, but, according to our specialists, it should not differ much from other ransomware infections in circulation these days. That is, it is very likely that it will be mainly spread via spam emails. On top of that, it might be placed on third-party pages containing tons of free software so that users accidentally install it on their PCs. Being cautious is not always enough, so we highly recommend installing security software on the system so that similar threats have no chance of entering your PC unnoticed.
You do not need much knowledge to remove Kappa Ransomware manually because there are only two removal steps to perform: delete the malicious file that was launched and erase the two .txt files dropped by the ransomware infection. Our manual removal guide should make deleting this threat much easier; however, if you are not sure you can erase it fully on your own, you should acquire an automated scanner and use it to clean your computer.

| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | Kappa Ransomware.exe | 266752 bytes | MD5: b674fd0512212b07a1dd529622d5d6f5 |
| 2 | 1 What happens with my files.txt | 1140 bytes | MD5: d38d473428accb8b0e84a6f1a9b54e3a |
| 3 | 1 How to buy Bitcoin.txt | 523 bytes | MD5: 7b6f0d1de9d62f54dd96c5b5bdd884f1 |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | Kappa Ransomware.exe | Kappa Ransomware.exe | 266752 bytes |
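
The file names, sizes and MD5 values from the table above, plus the .OXR extension, applied as a read-only triage scan. This is an added example, not code from 411-spyware.com; the function names and the three result categories (confirmed, name-only, encrypted) are assumptions made for illustration.

```python
import hashlib
import os
import sys

# Indicators copied from the file table on this page: name -> (size in bytes, MD5).
KAPPA_IOCS = {
    "Kappa Ransomware.exe": (266752, "b674fd0512212b07a1dd529622d5d6f5"),
    "1 What happens with my files.txt": (1140, "d38d473428accb8b0e84a6f1a9b54e3a"),
    "1 How to buy Bitcoin.txt": (523, "7b6f0d1de9d62f54dd96c5b5bdd884f1"),
}
ENCRYPTED_EXT = ".oxr"  # extension the page says is appended to locked files


def md5_of(path, chunk=1 << 20):
    """MD5 is used only because it is the hash the page publishes."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, iocs=KAPPA_IOCS):
    """Walk root and return (confirmed, name_only, encrypted) path lists."""
    by_name = {name.lower(): spec for name, spec in iocs.items()}
    confirmed, name_only, encrypted = [], [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)  # restore from backup; renaming does not decrypt
                continue
            if name.lower() not in by_name:
                continue
            size, md5 = by_name[name.lower()]
            try:
                matched = os.path.getsize(path) == size and md5_of(path) == md5
            except OSError:
                matched = False  # unreadable or locked: review by hand
            (confirmed if matched else name_only).append(path)
    return confirmed, name_only, encrypted


if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~"))
    for label, paths in zip(("CONFIRMED", "NAME-ONLY", "ENCRYPTED"), hits):
        for p in paths:
            print(f"{label}\t{p}")
```

A name-only hit means the file name matches but the size or hash does not, which is what a later build of in-development malware would look like, so those paths deserve manual review rather than being ignored.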