A ransomware virus created solely for Malaysian-speaking users, calling itself Kaenlupuf has been reported to be using AES-128 to encrypt files on computers which it can infect. The ransomware infection drops multiple files on the compromised computers, including a file indicating that the virus is version 1.0b. The virus uses a fake name – Microsoft Network Realtime Inspection Service and several others. In case this virus hits the wild and infects, we have prepared instructions that will help you remove it from your computer and ways to use the decryptor for Kaenlupuf to unlock all your files for free.
|Short Description||Even though in development stage, the virus may encrypt the files on the compromised computers, and asks to pay in BitCoin to get the files back.|
|Symptoms||The user may witness ransom notes and “instructions” linking to a web page and a decryptor.|
|Detection Tool|| See If Your System Has Been Affected by Kaenlupuf |
Malware Removal Tool
|User Experience||Join our forum to Discuss Kaenlupuf.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Kaenlupuf Virus – How May It Infect
The virus may be spread, depending on what the one who is infecting with it decides. Usually, a big chunk of ransomware viruses out there do not limit themselves with one infection method. They use fake program installers, infected such, fake game cracks and patches and other activators that may be uploaded as torrents on websites. Sometimes, even PUPs (potentially unwanted programs) are used in order to cause an infection via malicious pop-ups, but very rarely.
The most dominant form of infection however that may spread Kaenlupuf in the future, if the cyber-crooks behind this virus decide to update it, may be e-mail spam. Usually such spam messages are sent out very cheaply via spam bots to a pre-set list of e-mail addresses of real users. This method is very effective and can increase the infection ratio of this virus very fast. To succeed in the infection, the criminals use social engineering (deceptive) techniques, like pretend that either a malicious web link or attachment in the sent e-mail is completely legitimate. To do this, they often claim that this is a document that has more information on a problem that the user has (suspicious bank activity, invoice for purchase, the user hasn’t made and other). These tricks easily fool inexperienced users into opening e-mail attachments and hence becoming infected.
Kaenlupuf Virus – More Information
When an infection by this virus has been performed, it begins to create multiple files on the compromised computers. The files are primarily executable files, named:
The virus also drops a very interesting ransom note, with asci art and elements of retrowave artwork:
The ransom note is written entirely in Malaysian, but the message in it is the same like most ransomware viruses out there. It roughly translates to the following:
“IMPORTANT FOR YOU – READ
First of all, we congratulate you on choosing one of the best file protection from external threats.
We understand that you need the files immediately. We will provide a special package at an affordable price for only 1 bitkoyn.
Are surprised by our offer? So what are you waiting for, register your bitcoin now to get a valuable addition to your important files.
The longer you wait, the greater the amount. Your files are protected by the RSA-2048 algorithm. Very good and interesting, is it not?
RETURN MY FILES!
To return your files, follow these steps:
1. Register your account in the google-purse at the following URL:
2. Use our bitcoin-address to transfer the payment:
3. The amount of payment is as follows:
4. Be sure to report your ID when making a transaction.
YOUR TOKEN ID”
Kaenlupuf Ransomware’s Encryption
For the encryption of the files, malware researchers report that this virus may take advantage of the AES-128 encryption algorithm. It is used to replace bytes of a working file’s data with encrypted symbols. This acts as if it scrambles the file and the file becomes similar to corrupt. It does not have an icon and can no longer be opened by any type of software.
The files that have been encrypted by this ransomware infection may usually be important files that are often used, like:
- Microsoft Office Documents.
- Adobe Documents.
- Image files.
- Archive files.
- Files associated with virtual drives.
- Database files.
- Audio files.
Fortunately, this virus is decryptable, thanks to MyCERT, who have released a decryptor on their web page. All you have to do if you have encrypted files is to click on the image below to go to the website and then type your unique id as a password and then follow the instructions on the website:
Remove Kaenlupuf Ransomware
After having decrypted your files, it is important to think about the virus’s removal. For the removal, we advise following the removal instructions below. They are carefully created to help you successfully eradicate the infection files from your computer after isolating it. For maximum effectiveness and easier removal, experts often advise to follow the automatic approach and download a particular anti-malware tool that will fully eradicate Kaenlupuf at a click of a button.