Warning to Computer Users! Cybercriminals have formulated a malicious ransomware, evidently targeting websites powered by the popular Magento e-commerce platform, capable of encrypting their essential files. Already seen circulating in the cyber world, this new threat must be taken seriously. Deploying a symmetric, 256-bit Rijndael block cipher, it encrypts files stored on the server and adds either a ".kimcilware" or ".locked" file extension. It also creates an index.html file or README_FOR_UNLOCK.txt file containing a ransom-demanding message. The scope of the threat has left many PC users wondering how to identify and remove KimcilWare ransomware, as well as how to clean up any remaining registry entries.
How KimcilWare Ransomware Works
As pointed out above, the KimcilWare ransomware is a crypto virus tailored to strike Magento e-commerce platform-enabled websites. While it's not definitively known if KimcilWare is only created to attack Magento websites, no cases of infection have been reported on other platforms. Although there are experts who believe that the threat could potentially target any PHP website. Those impacted by KimcilWare have been directed to communicate with tuyuljahat(at)hotmail.com, an email address that is also utilized for MireWare - a buggy version of Windows ransomware based on Hidden Tear, whose creator included intentional encryption flaws in order to avoid unlawful usage. In addition to its encryption capabilities, Kimcilware is also known to launch a backdoor, thus allowing remote users to dump whatever files they want onto your machine after the initial infection has already taken place.
The required payment varies from one infection to another and may reach up to 1 Bitcoin for a “decryption package". Unfortunately, there are no tools capable of restoring compromised data unless you somehow manage to lay your hands on the encryption key used in the attack. That is why, victims often must rely on a backup to restore their files.
KimcilWare is mainly distributed via Trojans, fake software updates, malicious email attachments, and peer-to-peer (P2P) networks. To prevent infection, users should keep all installed software up-to-date and use a legitimate anti-virus/anti-spyware suite, as well as be cautious when downloading files/applications from third-party sources and opening files sent from unrecognized and/or suspicious emails. Paying the ransom does not guarantee that files will be decrypted, as cybercriminals often do not respond to victims even if payment is made.
Removal and Prevention
To uninstall KimcilWare and related malware, users should utilize anti-malware or antivirus software that's capable of safely detecting and eliminating ransomware threats. The cleaning up KimcilWare may prove to be a nearly impossible feat to perform manually, regardless of whether the user is using Windows 10, 8, 7, Vista, or XP.
The most effective prevention against KimcilWare ransomware is to practice good security habits, such as regularly creating backups and keeping your software up-to-date. If your computer has been infected with KimcilWare, or you suspect that it could have such a malware threat present, it is recommended that you immediately disconnect from the internet and run a full scan using reliable anti-malware software. If the infection cannot be removed, you can use a file recovery program to try and recover your data. Reinstalling the operating system may also be necessary in order to completely remove the ransomware from your system.
