A ransomware virus called [KASISKI] has been reported to demand that victims pay $500 to recover the files it has encrypted. The ransomware runs on both 64-bit and 32-bit Windows operating systems. [KASISKI] ransomware also drops an INSTRUCCIONES.txt file in which the developers of the virus demand that the victim pay a hefty fee to get the files back. If you have become a victim of this ransomware infection, read this article to learn how to remove [KASISKI] from your computer and hopefully restore the files that have been encrypted by the virus.
|Short Description||The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.|
|Symptoms||The user may see ransom notes and an “instrucciones.txt” file with instructions on how to pay $500 to get the files back. The prefix [KASISKI] is used on encrypted files.|
|Data Recovery Tool||Data Recovery Pro by ParetoLogic. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
[KASISKI] Ransomware – How Does It Spread
To infect unsuspecting users, this virus may use e-mails with deceptive content. Since the malware primarily attacks Spanish speakers, the e-mails may be written in Spanish as well.
The e-mails with which [KASISKI] ransomware may infect a computer may carry either malicious attachments or web links, if the e-mail provider hasn’t blocked them. These contain malicious code, and users open the attachment or click the link believing they are legitimate documents or websites. Usually they are accompanied by deceitful messages that are primarily focused on getting the user to do what is asked. Some of the e-mails may even pretend to be an automated response to an e-mail with an invoice, fooling the user into thinking that something has been purchased in their name. Once these e-mail attachments or web links are opened, the virus immediately begins to download the payload onto the infected machine.
[KASISKI] Ransomware – Further Details
The payload of the [KASISKI] infection has been reported to consist of the following files:
- Kasiski.exe (malicious executable)
- INSTRUCCIONES.txt (ransom note file)
After this has been done, the virus may modify the registry entries of the affected computer so that kasiski.exe runs on system start. The usual sub-keys in the Windows Registry for this purpose are the following:
After the malicious executable of [KASISKI] Ransomware has been run, the virus may begin scanning for files of the following types to encrypt:
→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com
After the encryption process has been completed, the files look the same but cannot be opened, and they have the [KASISKI] prefix written on them. They may appear like the following:
After the encryption process has completed, a ransom note named “INSTRUCCIONES.txt” and a wallpaper appear. They both have the same message:
→ “TODOS SUS ARCHIVOS FUERON ENCRYPTADOS
PARA RECUPERARLOS ABRA EL DOCUMENTO
‘INSTRUCCiONES.txt’ QUE SE ENCUENTRA EN SU
ESCRITORIO Y SIGA LAS INSTRUCCIONES QUE ALI…
Este es su numero personal (NO LO BORRE) =
Todos sus archivos fueron ecnryptados (bloqueados).
Para restaurar sus archivos usted necesita un (DECRYPT TOOL)
Nosotros le ofrecemos el (DECRYPT TOOL) para restaurar sus archivos, su costo es de ($500) quinie”
Judging by the ransom note, the cyber-criminals want the victims to purchase a decryptor, which is most likely a tool that contains the unlock key generated after the encryption process has completed. Since those tools often may not decrypt your files even after the ransom is paid, experts strongly advise against paying.
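A read-only triage scan built from the indicators named above, useful for scoping which folders were hit before any cleanup or recovery attempt. This is an added example, not code from the original article: it assumes encrypted files carry the literal string [KASISKI] at the start of their file name, and the sample file names in `demo()` are constructed.

```python
import os
import tempfile
from collections import Counter

# Indicators named in the article. Matching is case-insensitive because the
# page spells the note both "INSTRUCCIONES.txt" and "instrucciones.txt".
ENCRYPTED_PREFIX = "[kasiski]"   # assumption: prefix sits at the start of the name
RANSOM_NOTE = "instrucciones.txt"
PAYLOAD_NAME = "kasiski.exe"

def classify(filename):
    """Return the indicator type a file name matches, or None."""
    name = filename.lower()
    if name == PAYLOAD_NAME:
        return "payload"
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name.startswith(ENCRYPTED_PREFIX):
        return "encrypted"
    return None

def scan(root):
    """Walk root without modifying anything; return (hits, encrypted count per folder)."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            kind = classify(fname)
            if kind:
                hits.append((kind, os.path.join(dirpath, fname)))
                if kind == "encrypted":
                    per_dir[dirpath] += 1
    return hits, per_dir

def demo():
    """Scan a constructed sample tree (empty files, made-up names)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        desk = os.path.join(root, "Desktop")
        os.makedirs(docs)
        os.makedirs(desk)
        for path in (os.path.join(docs, "[KASISKI]report.docx"),
                     os.path.join(docs, "[KASISKI]budget.xlsx"),
                     os.path.join(docs, "notes.txt"),
                     os.path.join(desk, "INSTRUCCIONES.txt"),
                     os.path.join(desk, "Kasiski.exe")):
            open(path, "w").close()
        hits, per_dir = scan(root)
        return sorted(kind for kind, _ in hits), sum(per_dir.values())
```

Calling `scan()` on a user profile or a mounted disk image gives the list of encrypted files to back up before trying any recovery method.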
Remove [KASISKI] Ransomware and Restore Your Data
To remove this ransomware infection, malware researchers often advise using a powerful anti-malware tool, which will help detect all objects associated with this virus and remove them automatically. If you have experience, you can follow the manual malware removal instructions below, but if you haven’t done this before, we recommend the automatic approach underneath.
After having removed [KASISKI] ransomware from your computer systems, it is time to think about the files. There are numerous methods to restore deleted or corrupted files, and we have suggested some of them in step “2. Restore files encrypted by [KASISKI]” below. They are not 100 percent guaranteed, but they may help restore at least some of your files. Also, before trying them, we advise backing up your encrypted files, just in case.
Manually delete [KASISKI] Virus from your computer
Note! Important notice about the [KASISKI] Virus threat: Manual removal of [KASISKI] Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.