The Kangaroo Ransomware is the new offering from the creator of Apocalypse ransomware.

Its basic features are similar to those of other ransomware such as Locky: it encrypts files of the affected system and displays a message asking for money. But Kangaroo does it in a different way.

The particular ransomware makes changes to the Windows registry to display a message that looks like a legal notice before the login screen. The message – including the author’s contact information – can be easily broken by allowing a user to connect to the machine.

It encrypts files and adds the phrase «.crypted_file» to them. For example, a file name myfile.txt becomes myfile.txt.crypted_file. Furthermore, it adds a message requiring money on each of the encrypted files. eg myfile.txt.crypted_file.Intructions_Data_Recovery.txt.

Kangaroo tries to tempt victims to come into contact with the developers, displaying a screen lock showing the address Victims should then provide their personal ID to get the password and decrypting software after the payment.


Normally, ransomware are spread by email or software downloads. But in the Kangaroo case, the hacker creates a remote desktop connection to the victim’s computer and installs the ransomware manually.

There are methods such as System Restore, which can be used to remove the particular ransomware but these will not help the recovery of your data, which can only be restored with an existing backup file. A possible reason is the lack of information on the type of encryption used by the ransomware. If you are about to pay an exorbitant amount of money to developers, keep in mind that success is not guaranteed. Your card details might be compromised during the payment process.


Find out how to protect yourself and business at: