
Indian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

CyberWisdom Safe Harbor Commentary

gbhackers.com reports that a famous Indian hacking group called “Kerala Cyber Warriors” compromised the website of a Pakistan-based welfare organization and encrypted the website's files using KCW ransomware.

This group of hackers has been actively attacking more than 1000 Pakistan- and Bangladesh-based websites, such as government websites and airport websites, for various motivations.

KCW (Kerala Cyber Warriors) ransomware encrypts the website's files using an encryption algorithm and then appends .kcwenc to the file names in order to demand the ransom amount.

The attackers initially defaced the website by exploiting existing vulnerabilities in it, such as SQL injection, and then looked for loopholes that would give them access to the files.

Once they reached the web files, they injected the ransomware, called KCW (Kerala Cyber Warriors), to start the encryption process.

One of the security researchers who initially reported it on Twitter said, “Interesting story behind it involving Indian cyber-vigilantes compromising Pakistani web hosts. A complete mess dev-wise, but cool backstory. Hadn’t seen this until today.”

Anyone familiar with ransomware that encrypts web files and then appends file names with .kcwenc? Interesting story behind it involving Indian cyber-vigilantes compromising Pakistani web hosts. A complete mess dev-wise, but cool backstory. Hadn’t seen this before today.

Most of the important files belonging to the compromised website have been locked and their file extension changed to .kcwenc. Not all the files have been encrypted; the files in some folders can still be publicly accessed by anyone.

The hackers left the ransom note in a file named kcwdecrypt.php, which contains complete information about how to contact them, who they are, and how many of them were involved in this attack, with each person’s dummy name.

GH057_R007 | 8L4CK_P3RL | F0R81DD3N_H4CX3R | RED LIZARD | S3CU617Y_R1PP36 | 4N0N_5P1D3R | RED_LIZARDCH @ CH_4-RC7 | M3GA_M1ND | D0PP3l_64N63R | K1LL3R_C0BR4 {PP} | C0D3_PH03N1X | 5H4D0W_HUN73rB4HZ1 | 4S7R4 | V33R4PP4N | C47_HUN73R | CJ_N4P573R | 5H1VJ1_M4H4R4J | PH4N70M

Ransomware attacks are basically motivated by money, and the hackers usually demand an anonymous cryptocurrency such as Bitcoin, but these attackers did not demand any ransom amount; instead, they asked to be contacted for the decryption key.

They also gave contact information that points to their Facebook page, and the main motivation of this attack was unclear. Their hacker team has also been listed on the Wikipedia page.

The compromised website has still not been recovered, and the website owners are not taking any action regarding this attack.
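For site owners checking their own hosting, the two indicators named above (the .kcwenc extension and the kcwdecrypt.php note) are enough for a first triage of a web root. The script below is an added example, not code from gbhackers.com or from the ransomware; it assumes the suffix is simply appended to the original file name, and the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile
from collections import defaultdict

ENC_SUFFIX = ".kcwenc"        # extension reported in the article
NOTE_NAME = "kcwdecrypt.php"  # ransom note file name reported in the article

def triage_webroot(root):
    """Walk a web root; return ransom notes and per-directory encrypted/intact counts."""
    notes = []
    per_dir = defaultdict(lambda: {"encrypted": [], "intact": 0})
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(os.path.normpath(os.path.join(rel, name)))
            elif lower.endswith(ENC_SUFFIX):
                per_dir[rel]["encrypted"].append(name)
            else:
                # The article notes that some folders were left unencrypted.
                per_dir[rel]["intact"] += 1
    return {"notes": sorted(notes), "dirs": dict(per_dir)}

def restore_list(report):
    """Original paths to restore from backup (assumption: suffix was appended)."""
    return sorted(
        os.path.normpath(os.path.join(rel, name[:-len(ENC_SUFFIX)]))
        for rel, info in report["dirs"].items()
        for name in info["encrypted"]
    )

def build_sample(root):
    """Create a constructed sample tree; not taken from the real incident."""
    layout = ("index.php.kcwenc", "kcwdecrypt.php",
              "inc/db.php.kcwenc", "uploads/logo.png")
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage_webroot(tmp)
        print("ransom notes:", report["notes"])
        print("restore from backup:", restore_list(report))
        for rel, info in sorted(report["dirs"].items()):
            print(rel, "encrypted:", len(info["encrypted"]), "intact:", info["intact"])
```

Run it against a copy of the web root rather than the live site, so the file timestamps and the note itself stay untouched for later investigation.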
