Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Kaenlupuf Ransomware (Decrypt Files)

Article created to give insight on the malware called Kaenlupuf which is still in development and show how to remove it and decrypt files if your computer has been infected.

A ransomware virus created solely for Malaysian-speaking users, calling itself Kaenlupuf has been reported to be using AES-128 to encrypt files on computers which it can infect. The ransomware infection drops multiple files on the compromised computers, including a file indicating that the virus is version 1.0b. The virus uses a fake name – Microsoft Network Realtime Inspection Service and several others. In case this virus hits the wild and infects, we have prepared instructions that will help you remove it from your computer and ways to use the decryptor for Kaenlupuf to unlock all your files for free.

Threat Summary

Name

Kaenlupuf

Type Ransomware
Short Description Even though in development stage, the virus may encrypt the files on the compromised computers, and asks to pay in BitCoin to get the files back.
Symptoms The user may witness ransom notes and “instructions” linking to a web page and a decryptor.
Distribution Method Via an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by Kaenlupuf

Download

Malware Removal Tool

User Experience Join our forum to Discuss Kaenlupuf.
Data Recovery Tool Data Recovery Pro by ParetoLogic Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Kaenlupuf Virus – How May It Infect

The virus may be spread, depending on what the one who is infecting with it decides. Usually, a big chunk of ransomware viruses out there do not limit themselves with one infection method. They use fake program installers, infected such, fake game cracks and patches and other activators that may be uploaded as torrents on websites. Sometimes, even PUPs (potentially unwanted programs) are used in order to cause an infection via malicious pop-ups, but very rarely.

The most dominant form of infection however that may spread Kaenlupuf in the future, if the cyber-crooks behind this virus decide to update it, may be e-mail spam. Usually such spam messages are sent out very cheaply via spam bots to a pre-set list of e-mail addresses of real users. This method is very effective and can increase the infection ratio of this virus very fast. To succeed in the infection, the criminals use social engineering (deceptive) techniques, like pretend that either a malicious web link or attachment in the sent e-mail is completely legitimate. To do this, they often claim that this is a document that has more information on a problem that the user has (suspicious bank activity, invoice for purchase, the user hasn’t made and other). These tricks easily fool inexperienced users into opening e-mail attachments and hence becoming infected.

Kaenlupuf Virus – More Information

When an infection by this virus has been performed, it begins to create multiple files on the compromised computers. The files are primarily executable files, named:

  • Netsvc.exe
  • Kaenlupuf-note
  • Ajaw-rsa.exe

The virus also drops a very interesting ransom note, with asci art and elements of retrowave artwork:

The ransom note is written entirely in Malaysian, but the message in it is the same like most ransomware viruses out there. It roughly translates to the following:

“IMPORTANT FOR YOU – READ
First of all, we congratulate you on choosing one of the best file protection from external threats.
We understand that you need the files immediately. We will provide a special package at an affordable price for only 1 bitkoyn.
Are surprised by our offer? So what are you waiting for, register your bitcoin now to get a valuable addition to your important files.
The longer you wait, the greater the amount. Your files are protected by the RSA-2048 algorithm. Very good and interesting, is it not?
RETURN MY FILES!
To return your files, follow these steps:
1. Register your account in the google-purse at the following URL:
Https://blockchain.info/wallet/
2. Use our bitcoin-address to transfer the payment:
173MLPGRWdc6z91gQXBCHYVTkqTR9tMABb
3. The amount of payment is as follows:
1 BTC
4. Be sure to report your ID when making a transaction.
YOUR TOKEN ID”

Kaenlupuf Ransomware’s Encryption

For the encryption of the files, malware researchers report that this virus may take advantage of the AES-128 encryption algorithm. It is used to replace bytes of a working file’s data with encrypted symbols. This acts as if it scrambles the file and the file becomes similar to corrupt. It does not have an icon and can no longer be opened by any type of software.

The files that have been encrypted by this ransomware infection may usually be important files that are often used, like:

  • Microsoft Office Documents.
  • Adobe Documents.
  • Image files.
  • Archive files.
  • Files associated with virtual drives.
  • Database files.
  • Audio files.
  • Videos.

Fortunately, this virus is decryptable, thanks to MyCERT, who have released a decryptor on their web page. All you have to do if you have encrypted files is to click on the image below to go to the website and then type your unique id as a password and then follow the instructions on the website:

Click on the image to go to the decryption website.

Remove Kaenlupuf Ransomware

After having decrypted your files, it is important to think about the virus’s removal. For the removal, we advise following the removal instructions below. They are carefully created to help you successfully eradicate the infection files from your computer after isolating it. For maximum effectiveness and easier removal, experts often advise to follow the automatic approach and download a particular anti-malware tool that will fully eradicate Kaenlupuf at a click of a button.

Manually delete Kaenlupuf from your computer

Note! Substantial notification about the Kaenlupuf threat: Manual removal of Kaenlupuf requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Kaenlupuf files and objects
2.Find malicious files created by Kaenlupuf on your PC

Automatically remove Kaenlupuf by downloading an advanced anti-malware program

1. Remove Kaenlupuf with SpyHunter Anti-Malware Tool and back up your data

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

  • Adrian Reyes

    y donde se consigue el password?

    • i believe the password should be your Token ID, but i am still looking into it.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.