How To Remove Kekpop Ransomware
The Kekpop ransomware is a new strain of file-encrypting malware. There is no hard information on the specific family that Kekpop might belong to.
The ransomware encrypts files, including the most popular file types, such as media, document and database files. Once encryption is over, the ransomware writes its ransom note to a file called "ReadMe.html".
Encryption does not only scramble the files' contents; it also renames them, appending a random five-digit string after the original extension, followed by a new .kekpop extension. In practice, this means that a file formerly called "photograph.jpg" will transform into something like "photograph.jpg44831.kekpop".
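The naming scheme and the note file name described above are enough to scope the damage on an affected machine. The following is an added example, not part of the original article or of any vendor tool: it walks a directory tree, lists every file matching the "five digits plus .kekpop" pattern together with its recovered original name, and records which folders contain a "ReadMe.html". The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Pattern from the text: <original name><five digits>.kekpop
KEKPOP_RE = re.compile(r"^(?P<original>.+)(?P<tag>\d{5})\.kekpop$", re.IGNORECASE)
NOTE_NAME = "readme.html"  # compared case-insensitively

def original_name(filename):
    """Return the pre-encryption file name, or None if the name does not match."""
    m = KEKPOP_RE.match(filename)
    return m.group("original") if m else None

def inventory(root):
    """Map each affected folder (relative to root) to its renamed files and note status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = []
        for name in sorted(files):
            orig = original_name(name)
            if orig:
                hits.append((name, orig))
        has_note = any(f.lower() == NOTE_NAME for f in files)
        if hits or has_note:
            rel = os.path.relpath(dirpath, root)
            report[rel] = {"renamed": hits, "ransom_note": has_note}
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files named like the example in the text."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("photograph.jpg44831.kekpop", "ReadMe.html", "notes.txt",
                os.path.join("docs", "song.mp312345.kekpop"),
                os.path.join("docs", "budget2023.xlsx.kekpop")):  # no 5-digit tag
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in sorted(inventory(tmp).items()):
            print(folder, "ransom note present:", info["ransom_note"])
            for renamed, orig in info["renamed"]:
                print("   ", renamed, "->", orig)
```

The script only reads directory listings and never renames or modifies files; stripping the suffix does not restore the encrypted contents.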
The ransom demand is for $500, suggesting that the ransomware is not aimed at corporate entities but rather at private users. The hackers expect the ransom to be paid in BTC. Of course, there are zero guarantees that a working decryption tool will be sent if the victim does pay up.
The full ransom note goes as follows:
+++++++++++++++++++++++++++++++++++++
Your files are encrypted by kekpop.
You can get them back by paying $500 to this btc address [alphanumeric string].
If you dont pay this fee your files will be lost forever.
+++++++++++++++++++++++++++++++++++++
The ransom note also points to an amateur ransomware author with a careless approach, typical of a ransomware variant that might still be in its development and testing phase.