The Kawaiilocker Ransomware is a crypto threat that targets Russian-speaking users predominantly. However, even if you are not living in Russia or any of the countries around it, you may still get hit by this threat that uses the AES-256 encryption to encode the files of its victims. It is common for ransomware to add a unique extension to all files encrypted on the user’s computer, but the KawaiiLocker Ransomware doesn’t seem to use this feature. Instead, the ransomware focuses on encrypting over 60 types of files, as well as on deleting Windows Shadow Volume Copies that may be used to restored the encrypted data partially. When the KawaiiLocker Ransomware finishes its attack, it leaves behind three files – the KawaiiLocker.exe, HOW DECRYPT FILES.TXT and Crypt_list. The first one is the threatening payload responsible for the encryption routine, while the second one contains a copy of the ransom note which is only available in Russian. Crypt_list stores a list of all files encrypted on the victim’s computer, and must be provided to the attackers alongside the ransom fee they ask for.
The KawaiiLocker Ransomware’s authors ask their victims to pay a ransom fee of 6000 Rubles ($100), but they do not specify the payment method they prefer. Usually, ransomware authors opt to use BitCoins, but due to the nationality of the KawaiiLocker Ransomware’s operators and victims, it is likely that a less-known payment method may be used. The ransom note tells victims to contact [email protected] for payment instructions or if they desire to learn more about the attack.
The good news for the KawaiiLocker Ransomware is that the ransomware is poorly coded, and malware researchers have already reversed its encryption algorithm successfully. A free decryption tool named ‘Kawaii Decryptor’ is available, and it can be used to fully restore all files locked by the KawaiiLocker Ransomware. Keep in mind that the decryption tool does not remove the infection, and victims of the KawaiiLocker Ransomware must make sure to cure the infection with the assistance of a potent and up-to-date anti-malware software suite.