Kiss Ransomware marks all files it encrypts with a “kiss.” To be more precise, the threat appends an extension that is called .kiss to the victim’s files that it locks with a strong encryption algorithm. In front of it, there should also be a unique user ID number and an email address that belongs to the malware’s creators. For instance, files on our test computer were marked with the following combination: [id-N6LpOP4n].[email@example.com].kiss. After encrypting files, the malicious program ought to drop a file with contact information. It is not an unusual practice as many similar threats do not show detailed instructions on how to decrypt files, but leave it for a user to find out. The most likely scenario is that hackers will send instructions on how to pay a ransom. Thus, we do not recommend contacting them if you do not intend to pay. For more information about Kiss Ransomware, you should continue reading our report, and if you decide to erase it, you might be interested in our deletion instructions located below this article.
At first, you should know where Kiss Ransomware might come from. Our specialists say the malware might be spread through Spam emails or malicious file-sharing web pages. Naturally, to make the malware’s launcher look harmless, it could be disguised as a document or any that would not raise suspicion. For instance, Spam emails could carry malicious launchers that would look like text files, while launchers on malicious file-sharing sites could look like legit software installers or updates. Therefore, you should never let your guard down if you do not want to end up receiving malware. We always recommend opening data from the Internet only if a user is certain that it is safe to open it. If not, you should employ a reputable security tool and scan the file in question with it.
Kiss Ransomware should encrypt files like pictures, photos, various documents, archives, and so on. The only data it might leave unencrypted should belong to Windows or other software installed on an infected device. As said earlier, the encrypted files should all receive a specific extension, so it ought to be easy to recognize them. The next thing, the malicious program should do is create a file called %$ BACK FILES !#.html. If opened, it should display a short message saying: “decrypt files ? write to firstname.lastname@example.org or telegram @assist_decoder.” As you can see, it does not explain much and only allows you to contact the malware’s creators. However, from our experience with threats like Kiss Ransomware, we can tell that most of them are created for money extortion. Meaning, if you write to the hackers behind this malware, you will probably be asked to pay a ransom.
Furthermore, the hackers may guarantee they will send a decryptor to all users who pay the ransom. However, cybercriminals cannot be trusted, and, in the end, you cannot know what they will choose to do or not do. If you do not want to risk getting scammed, we advise not to pay the ransom. Instead, we recommend removing Kiss Ransomware and replacing encrypted files with backup copies that you might have on cloud storage or removable media devices.
To remove the threat manually, you could complete the steps located below this text. If you prefer using automatic features, we advise scanning your system with a reliable antimalware tool and clicking its provided deletion button.