KawaiiLocker ransomware aims at Russian speaking users, as its ransom note is written in Russian and, most plausibly, would not be read by the users, who do not know a word in Russian. Or it might also be the case that the developers of KawaiiLocker ransomware virus themselves do not know any other language from their native one and they expect the victims to use the service Google Translate and to pay them, and they will get the money anyway. The curious feature of KawaiiLocker cryptomalware is that it does not append any additional extensions to the names of the encrypted files unlike almost all of the ransomware viruses, which use their unique extensions as their trademarks. Another interesting point is its name. The developers of this ransomware show up as the fans of Japanese culture as regards the quality of cuteness, since the term ‘‘Kawaii’’ is translated as ‘‘cute’’, ‘‘adorable’’ or ‘‘lovable’’. The meaning of the name of this malicious program discords with its actual functionality, described in detail below.
About KawaiiLocker Ransomware
KawaiiLocker file-encrypting virus uses asymmetric encryption algorithm to encrypt the victim’s data. Over 60 file types are targeted by the latter cyber threat. These are the following:
When the data files have been encrypted, KawaiiLocker crypto malware drops HOW_DECRYPT_FILES.txt text file in every folder of these encrypted files. This text file contains the following ransom note:
The victim may also receive a sound message, informing about the attack performed. 6000 rubles, which is 93.90 USD at this particular point in time, is the ransom the victim must pay in order he (she) regained the access to his (her) data. The ransom money must be transferred within the period of one week. The affected user is expected to contact these cyber crooks by the e-mail address [email protected] to obtain the exact payment instructions. The hackers behind KawaiiLocker encoder offer to decrypt one file for free, which will not be among the largest of the files encrypted. It seems that they have already puzzled out that the users, advised by cyber security experts, send the largest file to be decrypted, and later on it is used on the decrypter, developed by the experts, to restore all the other damaged files. However, do not think of communicating with these cyber criminals as you will be batting on a losing wicket.
How is KawaiiLocker Ransomware Spread?
KawaiiLocker ransomware can be hiding in the spam e-mails you receive. These spam e-mails typically enclose infectious links and/ or attachments. They can be disguised as official letters from local institutions, such as State Tax Inspectorate, etc., informing you about the debt, which must be paid as soon as possible, otherwise you will face serious consequences. This is pure social engineering for which the developers of KawaiiLocker virus expect you to fall. This ransomware threat can also be distributed by malicious program codes, known under the name of exploit kits (e.g. Nuclear, Angler EK, etc.). These programs downloads and installs the payload of the ransomware on your computer’s system, after you have visited some dubious or hacked websites. DLL attack can also be implement for the sole purpose of infecting your computer with KawaiiLocker malware. DLL (dynamic-link library) hijack refers to malicious DLLs which replace the original ones to infect the victim’s PC with the code of the ransomware.
How to Decrypt Files Encrypted by KawaiiLocker Ransomware?
Unfortunately, files encrypted by KawaiiLocker encrypter cannot be decrypted yet.
Update: the decrypter is now available at here: link. You can download it for free and successfully decrypt your files.
This virus deletes Shadow Volume Copies. So there are basically two options for you to retrieve your data. The first one is your backup, if you have any. The second one involves the application of professional data recovery tools such as Recuva, PhotoRec, R-Studio, the software by Kaspersky Lab, etc. But before scorching to perform the data recovery, make sure to copy the bundle of your infected data files, which will be used on the would-be decryptor by cyber security researchers. And, above all, remove KawaiiLocker ransomware with professional tools: Spyhunter. In the case of such a severe attack as ransomware infection is, it is generally recommended to use automatic tools to clean the computer’s system fully. However, we do provide you with the free guide for the manual removal of KawaiiLocker virus, which is located right below.