What is Key Group Ransomware

Key Group ransomware is a new ransomware clone that belongs to the Xorist family.

Key Group behaves like every other ransomware variant. It encrypts almost every file on the victim system and makes encrypted files unreadable.

The ransomware appends the ".keygroup" or ".keygroup777" extension to encrypted files. For example, a file named "document.txt" becomes "document.txt.keygroup" once it has been encrypted.

The ransomware displays its ransom note inside a pop-up window and also deposits a copy of the ransom note inside a file named "HOW TO DECRYPT FILES.txt" that is placed on the desktop.

There is currently no way to reverse the encryption, and no free decryption tool is available online for this specific version of Xorist. The only reliable way to recover files encrypted by the Key Group ransomware is to restore them from an offline backup.
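One way to scope the damage before restoring from backup, using only the indicators named above (the two appended extensions and the ransom note file name). This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text.
ENCRYPTED_SUFFIXES = (".keygroup", ".keygroup777")
RANSOM_NOTE_NAME = "how to decrypt files.txt"


def scan_tree(root):
    """Return (encrypted, notes, per_dir) for everything under root."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
                continue
            for suffix in ENCRYPTED_SUFFIXES:
                # Require a non-empty stem so a file named just ".keygroup" is skipped.
                if lowered.endswith(suffix) and len(name) > len(suffix):
                    original = name[: -len(suffix)]  # name to look for in the backup
                    encrypted.append((os.path.join(dirpath, name), original))
                    per_dir[dirpath] += 1
                    break
    return encrypted, notes, per_dir


def build_demo_tree():
    """Create a constructed sample tree of empty files for an offline run."""
    root = tempfile.mkdtemp(prefix="keygroup_demo_")
    for sub, name in (
        ("Documents", "document.txt.keygroup"),
        ("Documents", "photo.JPG.KEYGROUP777"),
        ("Documents", "untouched.txt"),
        ("Desktop", "HOW TO DECRYPT FILES.txt"),
    ):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        open(os.path.join(root, sub, name), "w").close()
    return root


if __name__ == "__main__":
    hits, notes, per_dir = scan_tree(build_demo_tree())
    for path, original in hits:
        print(f"{path} -> restore '{original}' from backup")
    print("ransom notes found:", notes)
    print("encrypted files per directory:", dict(per_dir))
```

Run it against a mounted copy or image of the affected volume rather than the live system, and use the per-directory counts to decide which backup sets to restore.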

It is never a good idea to negotiate with ransomware operators and pay the ransom, as there are no guarantees that you will ever get a decryption tool even if you pay up.

September 2, 2022