Kiss Ransomware Removal Guide

Do you know what Kiss Ransomware is?

Kiss Ransomware is an infection that was created to demand money, aka, a ransom. To make the demand substantial, the attackers behind this infection take your personal files hostage by encrypting them. When files are encrypted, the data is changed, and that renders the files unreadable. A decryptor is a tool or a key that unlocks the files, and that is what the attackers are likely to dangle in front of you to convince you to pay the ransom. Should you give in? There are reasons why doing that is a bad idea, and we discuss them in this report. We also discuss the different Kiss Ransomware removal options you can choose from. Finally, we talk about how to secure your system against this kind of malware in the future.

It is possible that you have unleashed Kiss Ransomware yourself. Cybercriminals are smart, and they know that they stand no chance of executing malware successfully if victims can recognize it. Due to this, they can use misleading downloaders and spam email messages to trick you into downloading and opening files that look harmless but, in reality, are malicious. If you do not remember downloading or opening anything suspicious in the recent past, perhaps your system is outdated and unprotected, and cybercriminals have managed to find a vulnerability that they could have exploited silently. Whatever the case is, if Kiss Ransomware has slithered in, your personal files must be encrypted now. You can easily tell which files were encrypted because the “.[id-{code}].[decodor@airmail.cc].kiss” extension should be appended to their names. Do not bother removing this extension or renaming the file. That will not help.

After encryption, Kiss Ransomware drops a file named “%$ BACK FILES !#.html.” The message inside is very straightforward: “decrypt files? write to decodor@airmail.cc or telegram @assist_decoder.” Of course, we do not recommend emailing the attackers at decodor@airmail.cc or via Telegram at @assist_decoder. If you contact the attackers, they will demand money from you, and even if the ransom is not big, you need to understand that cybercriminals are not interested in helping you. They only care about your money, and they can tell you and promise you anything just to trick you. Kiss Ransomware is a new variant of Paradise Ransomware, and the victims of this malware faced the same kind of issue. Of course, the victims of this malware could employ a free decryptor created by Emisoft, and a reliable decryptor that could assist the victims of the Kiss variant did not exist at the time of research. That being said, even if you cannot restore files, we do not recommend paying the ransom because that is too risky.Kiss Ransomware Removal GuideKiss Ransomware screenshot
Scroll down for full removal instructions

According to our malware experts, Kiss Ransomware does not create other files besides its own launcher and the ransom note file. Since the attackers want you to find the ransom note file, it should be dropped in an obvious location (e.g., on Desktop), or, perhaps, copies of it are scattered all across the system. When it comes to the launcher file, it could be anywhere, and we cannot even know the name of this file. Needless to say, if you cannot detect it, you will not be able to delete Kiss Ransomware manually. That is not a big problem because you can always use an anti-malware program to have the infection deleted automatically. This program could also secure your system against new infections in the future, and so we strongly recommend installing it. Also, do not forget to update your system and software, and also make it a habit of yours to backup all files online or using external drives. If you have backups now, you can easily replace the files corrupted by the devious ransomware.

Remove Kiss Ransomware

  1. Delete all recently downloaded suspicious files.
  2. Delete the ransom note file named %$ BACK FILES !#.html.
  3. To complete the removal, Empty Recycle Bin.
  4. Use a malware scanner to inspect the system for leftovers.

In non-techie terms:

When Kiss Ransomware invades an operating system, it encrypts files, and once all files are corrupted, a ransom note file is dropped to push victims into contacting the attackers. If you contact them, they are likely to demand money from you, and since there are no guarantees that you would get anything in return for that, we suggest that you do not expose yourself to the attackers at all. Unfortunately, at the time of research, it was not possible to decrypt files, and victims could only walk away scratch-free if they had backups that could replace the encrypted files. Hopefully, you have backups, and you can use them after you delete Kiss Ransomware. If you can locate the launcher, it should be possible for you to remove this malware manually, but since you also need to think about Windows protection, we suggest that you employ reliable anti-malware software.