Indian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

Team Kerala Cyber Warriors, a hacking group based out of India, have begun to install ransomware on websites based out of Pakistan. This ransomware, called KCW Ransomware, encrypts the files on a website and then demands a ransom payment in order to get the files back.

You can see a demonstration below of a website infected by the KCW Ransomware.


I first learned about the KCW Ransomware from a security researcher named nullcookies.

When the KCW Ransomware is installed on a site, the site’s files will be encrypted and have the .kcwenc extension appended to them. You can see an example of encrypted files below.

The attack will also leave behind a file name kcwdecrypt.php, which when opened displays a ransom note that claims to have been left by an Anonymous group named the Team Kerala Cyber Warriors. This note explains what happened to the site and provides a way to contact the group on their Facebook page.

The web pages created by this group are well done and happen to play a background song that I must have played over and over. You can hear this music in the video above.

It is not currently known if there is a particular platform being targeted or how the attackers are gaining access to the sites. Furthermore, it is not known if the group is actually decrypting files if a victim pays the ransom.

Attacks motivated by injustice or politics

The attacks being performed by Team Kerala Cyber Warriors, the Indian hacking group behind the KCW Ransomware, appear to be politically motivated. Based on the posts on their Facebook page, these attacks are being performed due to government injustice and corruption and against sites located in Pakistan.

For example, a previous hack protested against the horrific torture and rape of an 8-year-old girl named Asifa Bano.

While their Wikipedia page states that Team Kerala Cyber Warriors were disbanded in January 2018, it appears that they, or someone representing them, is still active.


Credit: BleepingComputer

Ethical Hacking Workshop | Stay Safe and Secure

CEH Course In pune | Slink


Jai Prajapati

Jai Prajapati is a security analyst and author for Securityleaks, where he passion for covering latest happening in cybersecurity world such as malware, breaches, vulnerabilities, exploits, white-papers, hacking newsbytes, Dark Web, hacking tutorials and a few more.

Leave a Reply

Your email address will not be published. Required fields are marked *