Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel

Kerkoporta Ransomware

If you live in Greece, you need to be careful about a new infection called Kerkoporta Ransomware (or κερκόπορτα Ransomware). This malware was not unleashed at the time of research, but it is believed that it could be used to encrypt files on vulnerable Windows operating systems pretty soon. It is crucial that you are careful when opening spam emails – which you should not do, – downloading software, interacting with random ads and pop-ups, and doing other things that could open up security backdoors. It is most important that you secure your operating system and your files. It is recommended that you install reliable security software to keep your system strong against malware, and when it comes to personal files, there is no better way of protecting them than by backing them up externally. You should not rely on backups provided by the operating system because some ransomware threats are capable of circumventing this security measure. So, are you trying to delete Kerkoporta Ransomware or are you just reading to familiarize yourself with it? You will find important information regardless of which situation you are in.

Kerkoporta Ransomware is created to encrypt files, as well as to lock the screen, which can be confusing. There are so many screen-lockers that only pose as file-encryptors, and so it might be hard for you to see whether or not files were encrypted. According to our research team, this ransomware does encrypt files, and when it does it attaches a unique extension (“.encryptedsadly”) to their names. If you need to see which files were encrypted and which ones were not – that is if the threat works in the first place – you can always reboot your system into Safe Mode. You will not be able to see which files were encrypted in normal mode because of the screen-locking window that will pop up as soon as the encryption process is finished. This window shows messages in Greek and English, and they both suggest that the victim of Kerkoporta Ransomware must pay $100 for a decryption key. The ransom must be paid by purchasing a gift card from Amazon and then entering the gift card code into the allocated box on the window. So, what happens if you pay the ransom? Unfortunately, your files are likely to remain encrypted.

The creators of Kerkoporta Ransomware, Kristina Ransomware, Gibon Ransomware, Pennywise Ransomware, and thousands of other threats alike do not care about their victims. All they focus on is getting money, and they do not care that regular users are suffering because of it. Sure, losing 100 USD is bad enough, but it does not compare to the loss of personal photos and documents and other sensitive and valuable files. This is why ransomware is so detrimental and dangerous. Our research team has analyzed hundreds of different file-encrypting threats, and only a few times were users provided with decryption keys that worked, and, in most cases, these keys were revealed by security experts, not by cyber criminals themselves. You cannot recover files by removing Kerkoporta Ransomware or changing the extension attached to their names either. This is why we urge all users to back up personal data as soon as possible. This might be the only way to prevent the loss of personal files.

The malicious Kerkoporta Ransomware files are stored in the Windows Update Protocol folder under %APPDATA%\Microsoft\Windows\. Then there’s a file called “WindowsUpdates.lnk” that you can find in the Startup folder. We show you how to remove Kerkoporta Ransomware elements in the guide below, but we cannot guarantee that you will succeed. If manual removal is too much for you, you can also go with anti-malware software. This is the superior option because anti-malware software can simultaneously clean and protect your Windows operating system. While you can protect your files by backing them up, you also want full-time protection because there are other kinds of malware that could jeopardize your virtual security by stealing information, hijacking your accounts, impersonating you, downloading malware, and so on. If you do not want to worry about malicious threats in the future, you must take care of your virtual security.

Kerkoporta Ransomware Removal

  1. Right-click and Delete the {unknown name}.exe file that is the launcher of the ransomware.
  2. Simultaneously tap keys Win+E to launch Windows Explorer.
  3. Enter %APPDATA%\Microsoft\Windows into the bar at the top.
  4. Right-click and Delete the folder named Windows Update Protocol.
  5. Right-click and Delete the filenamed WindowsUpdates.lnk in these directories:
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  6. Empty Recycle Bin and then immediately perform a full system scan to check if your system is clean.
Download Spyware Removal Tool to Remove* Kerkoporta Ransomware
  • Quick & tested solution for Kerkoporta Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.