Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Katafrack Ransomware

If you have been infected with the same version of Katafrack Ransomware that we have tested, chances are your important files have been untouched by this threat. We have found that this new threat may not be that new after all. It seems that it could be yet another Hidden Tear Ransomware offspring but it is also possible that it is a modified version of Ordinal Ransomware. In any case, the good news is that your files may not be encrypted. Yet, it does not mean that it is safe to keep this malware infection on your system. It could be crucial for you to understand how this semi-dangerous ransomware program has managed to sneak onto your system. We are about to share with you what we have found out about this threat. One thing we can tell you right now, though: We advise you to remove Katafrack Ransomware from your computer immediately.

You can easily infect your system with this ransomware if you tend to open spam e-mails. This infection is spread as a malicious attachment that may show up as a photo, video, or text document. The file may even carry the matching file type icon to deceive you, even though it is in fact an executable file. You may believe that you could easily spot spam, but while this may have been true ten years ago, it is really hard to do so nowadays because cyber criminals have evolved. The spam may pretend to come from a well-known company, with entirely believable sender names that may even belong to people who actually work there. The subject line can concern any topic that practically any private or professional person would consider important: for example, issues with a bank account (suspicious activities detected by the bank), an undelivered package, an unpaid fine, and so on. It is quite likely that you would not be able to resist the temptation to open the attached document that is supposed to contain information about this alleged matter. Please remember, and this is vital, that when dealing with a fully working ransomware it would not be possible for you to delete Katafrack Ransomware without harming your files and possibly losing them.

If you have remote desktop software installed on your system and it is not safely configured, it is also possible that these cyber criminals can get access to your computer. You need to make sure that you always use strong passwords and you configure such software adequately because felons may crack your password and be able to copy this ransomware to your system and arm it.

As the ransom note states, this malware infection may use the AES-256 algorithm to encrypt your files; however, our sample did not do so. If you are infected with the same version, your files may be safe, too. However, we cannot know when a fully working version emerges on the web and starts spreading. You should know that this threat may be able to encrypt all your important files, including your media files (images, videos, and music), documents, databases, and archives as well. This infection creates a text file named "READ-ME-TO-GET-YOUR-FILES-BACK.txt" on your desktop, which contains payment instructions.

After it finishes its supposed encryption, this ransomware displays its ransom note window. This note informs you that your files have been encrypted and that you have to pay 0.02 Bitcoins, which is around 231 US dollars right now, if you want to get the decryption tool and the decryption key; these criminals also accept Ethereum. Once you have transferred the money, you are supposed to send an e-mail to "OrdinalScale@protonmail.com" with your special ID. Obviously, it does not make any sense to even think about paying this time if there has been no encryption. All you need to do is remove Katafrack Ransomware from your system as soon as possible.

Before you can delete the files associated with this malicious attack, you need to close the ransom note window, i.e., the ransomware program itself. You can do this easily by launching Task Manager and identifying the malicious process. Please use our guide below as a reference to manually eliminate this threat. If you would like to effectively protect your system from possible future attacks, we suggest that you install a trustworthy anti-malware program like SpyHunter.

Remove Katafrack Ransomware from Windows

  1. Tap Ctrl+Shift+Esc simultaneously to launch Task Manager.
  2. Right-click over the malicious process and select Properties.
  3. Take a look at the Location field and remember the location of the malicious .exe file.
  4. Close this window to return to the list of processes.
  5. While this malicious process is still highlighted, click End task.
  6. Close the Task Manager.
  7. Tap Win+E.
  8. Scan your download folders for recently saved suspicious programs and delete them all.
  9. Bin "READ-ME-TO-GET-YOUR-FILES-BACK.txt" from the desktop.
  10. Empty your Recycle Bin and restart your computer.
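
A read-only triage pass covering steps 2-3, 8 and 9 of the list above, written as an added PowerShell example that is not part of the original guide. It assumes the default per-user Desktop, Downloads and TEMP folders and a 14-day look-back window; it only reports what it finds and never deletes files or ends processes.

```powershell
# Read-only triage for the manual removal steps above; nothing is deleted or terminated.
# Assumptions (not from the original guide): default per-user Desktop, Downloads and
# TEMP locations, and a 14-day look-back window.
$noteName  = 'READ-ME-TO-GET-YOUR-FILES-BACK.txt'   # ransom note name given in the article
$desktop   = [Environment]::GetFolderPath('Desktop')
$downloads = Join-Path $env:USERPROFILE 'Downloads'
$since     = (Get-Date).AddDays(-14)
$roots     = @($desktop, $downloads, $env:TEMP) | Where-Object { $_ }

# Step 9: is the ransom note present on the desktop?
$note = Join-Path $desktop $noteName
if (Test-Path -LiteralPath $note) {
    Get-Item -LiteralPath $note | Select-Object FullName, CreationTime
} else {
    Write-Output 'Ransom note not found on the desktop.'
}

# Steps 2-3: running processes whose .exe lives in a user-writable folder, with signature status.
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $p = $_
    if ($roots | Where-Object { $p.Path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) {
        [pscustomobject]@{
            Name      = $p.ProcessName
            Id        = $p.Id
            Path      = $p.Path
            Signature = (Get-AuthenticodeSignature -LiteralPath $p.Path).Status
        }
    }
}

# Step 8: recent files in Downloads that start with the "MZ" executable header,
# whatever their extension or icon suggests (the disguised-attachment case).
Get-ChildItem -LiteralPath $downloads -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since -and $_.Length -ge 2 } |
    ForEach-Object {
        $fs = $null
        try {
            $fs = [System.IO.File]::OpenRead($_.FullName)
            $b0 = $fs.ReadByte(); $b1 = $fs.ReadByte()
            if ($b0 -eq 0x4D -and $b1 -eq 0x5A) {
                [pscustomobject]@{ File = $_.FullName; Modified = $_.LastWriteTime
                                   Disguised = ($_.Extension -notin '.exe', '.dll', '.scr', '.com') }
            }
        } catch { } finally { if ($fs) { $fs.Dispose() } }
    }
```

Legitimate installers in Downloads also start with "MZ", so treat the output as a shortlist to review; rows with `Disguised` set to True are the ones whose extension does not match their content.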