Katafrack Ransomware Removal Guide

Do you know what Katafrack Ransomware is?

Katafrack Ransomware looks like a reworked version of our previously researched malicious application called Ordinal Ransomware. However, unlike the older version of it, the malware seems incapable of encrypting any data located on the infected device. Still, it could claim it was able to lock all of your important files. More than that the malicious application should ask you to pay a ransom in order to receive a decryption key and a decryption tool for data recovery. Naturally, if you encountered this version of Katafrack Ransomware, we advise you not to risk your savings and get rid of it with the removal guide located at the end of this text or a reputable removal tool you trust. Users who wish to get to know this malware better should read our article first.

The threat might be spread via unsecured RDP connections, infected email attachments, malicious software installers, and so on. Thus, if your computer gets infected with Katafrack Ransomware, you may want to remember what was the last file you opened and where did you get it from? In the future, we would advise users to be more cautious with questionable data, for example, attachments from Spam emails, installers from torrent and other doubtful file-sharing web pages, etc. Such data should be either avoided or scanned with a reputable antimalware tool before launching if the user does not wish to endanger the system accidentally. Unfortunately, once the malicious file is executed, there might be no turning back and you might not even realize the system got infected until you see a ransom note.

According to our researchers, the malware should work from the directory where it was launched, so if the user downloads it himself, the Katafrack Ransomware’s launcher could be in the Downloads, Desktop, Temporary Files, or some other folder. Soon after it is executed the malicious application should place a text document with a ransom note called READ-ME-TO-GET-YOUR-FILES-BACK.txt on Desktop. Additionally, it should display a window showing even a more extended version of the ransom note. The window might be either green or red. No doubt, the purpose of the displayed message is to scare the user and convince him to pay a requested amount of Bitcoins. Apparently, the cyber criminals behind the threat want to be paid 0.2 Bitcoins; at the moment of writing it is almost three thousand US dollars.Katafrack Ransomware Removal GuideKatafrack Ransomware screenshot
Scroll down for full removal instructions

Needless to say before even considering paying the ransom we would advise you to check whether your files were or were not damaged; just try to open them, and if they can be opened, it means they are not encrypted. As said earlier, the version of Katafrack Ransomware was incapable of locking any data, but there is a small chance it could be updated, although usually in such case hackers rename upgraded ransomware applications. Since the required sum is huge, we would advise you not to risk it even if the malware manages to damage some of your data. There are no guarantees they have needed decryption tools. Plus, even if they do they may not bother to send them to you because either way, they get to keep the money.

What seems to us it would be best to ignore the presented ransom note and erase Katafrack Ransomware with no hesitation. You can do so either manually while following the removal guide available at the end of the article or with the help of a reputable antimalware tool.

Eliminate Katafrack Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Choose Task Manager.
  3. Identify a suspicious process associated with this malicious application.
  4. Select this process and press the End Task button.
  5. Leave Task Manager.
  6. Tap Windows Key+E.
  7. Navigate to Desktop, Temporary Files, and Downloads folders.
  8. Search for a malicious file that got the system infected.
  9. Right-click the threat’s launcher and press Delete.
  10. Close the File Explorer.
  11. Delete file called READ-ME-TO-GET-YOUR-FILES-BACK.txt from your Desktop.
  12. Empty the Recycle bin.
  13. Restart the system.

In non-techie terms:

Katafrack Ransomware may sound like a scary threat, but our researchers discovered it does not do any damage to user’s data at least for now. Probably the cyber criminals behind the malware are hoping to trick inexperienced users into believing their files are locked, and the only way to decrypt them is to pay a ransom and get the necessary decryption tools. Therefore, if you can open your files and they do not seem to be damaged, you should not waste your money and get rid of this infection at once. To delete it manually, users could follow the removal guide available above this paragraph. Should this task appear to be more complicated than expected, it would be advisable to employ a reputable antimalware tool instead and let it deal with the threat.