Caution: New Kangaroo ransomware has become active on the Internet

in #caution • 8 years ago

The new Kangaroo ransomware has become widely circulated on the Internet, according to a blog post by Bleeping Computer. The malware encrypts files on the victim's hard drive and prevents the victim from logging in to Windows.

How the malware works

Experts say that Kangaroo was created by the same developers as Apocalypse. That software, as well as the later modifications Fabiansomware and Esmeralda, tried to block login to Windows and demanded a ransom to restore access and decrypt files.
The malware displays a message on the login screen.

The ransomware also makes changes to the registry that cause an additional warning to appear. The situation is complicated by the fact that the Windows Explorer process is stopped and Task Manager cannot be launched.

There is a solution: at login, press Alt + F4 or boot Windows in Safe Mode.

The malware is not distributed by traditional methods, however. Attackers manually break into victims' computers and use Remote Desktop to deploy the ransomware.
When Kangaroo is first run, the victim's unique ID and the encryption key appear on the screen, and the file encryption process starts.

The extensions of processed files are changed to .crypted_file, and a ransom message is created for each one. There is no means of decrypting the files yet.
