Danger level 7
Type: Trojans

KBK Ransomware

What would you do if you knew there was a malicious infection targeting your personal files? Surely, you would try to avoid it. KBK Ransomware is that kind of infection, and if it has not taken hold of your personal files yet, it is crucial that you take all measures against it. First and foremost, secure your system, which you can do by employing reliable security software and by practicing safe browsing. Second, secure your personal files by creating backups. If you store copies of your personal files online or on external hard drives, you will always have replacements in case something goes wrong. That means that even if security software fails you – which can happen with new infections or if the software is not updated in time – you will not lose your personal files. Unfortunately, if backups do not exist, ransomware can be extremely dangerous. You cannot restore your files by removing KBK Ransomware, but that does not mean that you can postpone the elimination of this threat once it slithers in.

KBK Ransomware is a variant of GlobeImposter 2.0 Ransomware, a malicious infection that our research team is already familiar with. A removal guide is also available on our website. It was discovered that this infection is most likely to use RDP (Remote Desktop Protocol) flaws, vulnerabilities, and backdoors to slither in, and so you need to be cautious about that. Of course, cybercriminals are unpredictable, and they can always change their course of action, which is why you cannot let your guard down even when you are going through your emails, visiting new, unfamiliar websites, or interacting with any content found online in general. If KBK Ransomware slithers in successfully, the files are encrypted right away, and the “.{Killback@protonmail.com}KBK” extension is added to their names. While deleting this extension is possible and easy to do, do not waste your time on this. It is more important to remove the file named “decrypt_files.html” that you should find created along with the corrupted files. Of course, this file contains a message from your attackers, and you might be interested in learning what they want.

According to the message delivered by KBK Ransomware, your personal files were encrypted, and you need a “decryption program” to have them restored. Obtaining this decryptor is not straightforward at all. First, you are instructed to send one test file to Killback@protonmail.com along with a personal ID number that is included in the message. Then, the attackers are supposed to decrypt the test file and send it back to you along with the instructions on how to pay a ransom. Obviously, if the file is decrypted, you might be convinced that paying the ransom is a good option. The thing is that the attackers cannot be forced to give you the decryptor once you pay the ransom. Instead, they could disappear and stop communicating with you via email. Speaking of that, communicating with attackers is dangerous because you never know what they could send you. Note that they could even try to scam you in the future! Overall, you need to decide for yourself what you should do, but we do not recommend paying the ransom or paying any attention to other demands that KBK Ransomware creators might have.

Depending on how KBK Ransomware slithered in, you might or might not be able to find this infection yourself. If you can find it, removing it manually should not be hard. The guide below presents the other two components that must be eliminated. If deleting KBK Ransomware manually is not possible, employ a trusted anti-malware tool. You already know that using this tool to have your system protected in the future is important, and so this might be the best time to take the jump and get yourself a reliable security tool. That being said, you still need to back up your personal files. We hope that backups already exist and that you can use them to replace the files corrupted by the infection. In that case, there is absolutely no reason for you to contact the attackers or pay attention to their instructions. Should you want to discuss anything relating to the infection further, the comments section is open.

KBK Ransomware Removal

  1. Delete the [random].exe launcher of the infection.
  2. Tap Win+R keys to access Run.
  3. Enter regedit into the dialog box to access Registry Editor.
  4. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  5. Delete the BrowserUpdateCheck value. The value data should point to %APPDATA%\[random].exe.
  6. Tap Win+E keys to access Windows Explorer.
  7. Enter %APPDATA% into the quick access field at the top.
  8. Delete the malicious [random].exe file.
  9. Delete all copies of the decrypt_files.html file. It should exist next to the encrypted files.
  10. Empty Recycle Bin and then scan your operating system using a legitimate malware scanner.
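
The checks in steps 4 to 9 can be run as a read-only PowerShell triage before anything is deleted. This is an added example, not part of the original guide; the `$ScanRoot` parameter and its default of the user profile are assumptions, and the script only reports what it finds.

```powershell
# Read-only triage for the artifacts named in the removal steps above.
# Nothing is deleted; review the output before removing anything.
param(
    # Assumption: user data lives under the profile; pass another root to widen the search.
    [string]$ScanRoot = $env:USERPROFILE
)

$runOnceKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$valueName  = 'BrowserUpdateCheck'
$noteName   = 'decrypt_files.html'
$lockedExt  = '.{Killback@protonmail.com}KBK'

# Steps 4-5: the RunOnce value and the executable its data points to.
$entry = Get-ItemProperty -Path $runOnceKey -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    $target = [Environment]::ExpandEnvironmentVariables($entry.$valueName).Trim('"')
    [pscustomobject]@{ Finding = 'RunOnce value'; Detail = "$valueName -> $target" }
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        # Record the hash so the sample can be identified after it is removed.
        $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        [pscustomobject]@{ Finding = 'Launcher on disk'; Detail = "$target SHA256=$hash" }
    }
} else {
    [pscustomobject]@{ Finding = 'RunOnce value'; Detail = "$valueName not present" }
}

# Steps 7-8: executables sitting directly in %APPDATA%, with signature status
# to help separate the [random].exe launcher from anything legitimate.
Get-ChildItem -LiteralPath $env:APPDATA -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        [pscustomobject]@{ Finding = 'EXE in %APPDATA% root'; Detail = "$($_.FullName) signature=$sig" }
    }

# Step 9: ransom notes, plus a count of files carrying the appended extension.
$files  = Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue
$notes  = @($files | Where-Object { $_.Name -eq $noteName })
$locked = @($files | Where-Object {
    $_.Name.EndsWith($lockedExt, [StringComparison]::OrdinalIgnoreCase)
})
$notes | ForEach-Object { [pscustomobject]@{ Finding = 'Ransom note'; Detail = $_.FullName } }
[pscustomobject]@{ Finding = 'Encrypted files'; Detail = "$($locked.Count) under $ScanRoot" }
```

Run it as the affected user, since the RunOnce key and %APPDATA% in the steps above are per-user locations.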