The authors of the once widespread KANGAROO ransomware have released a new extortion tool that goes by another popular Russian name – Mischa. Although the two undoubtedly belong to the same family and share some behavioral patterns, the latter is drastically different from its forerunner. The Mischa ransomware is a more ‘classic’ sample, because it encrypts the end user’s personal files rather than corrupting the Master File Table. This somewhat milder impact, which still allows the infected person to boot into Windows, doesn’t make the newcomer Trojan any less hazardous, though. It uses a cryptographic algorithm that’s strong enough to prevent data recovery through brute-forcing, which means that the victim runs the risk of losing all important files unless they pay up.