What is Kcbu ransomware?
Kcbu is a recent iteration of STOP/Djvu ransomware. Like any other ransomware, it encrypts files with a cryptographic algorithm and then renames them. The files receive a new four-letter extension, in this case the .kcbu extension. The name of the strain is derived from this extension.
Checking the extension is the only way to reliably identify a strain. STOP/Djvu iterations are very similar to each other: they all leave the same ransom note and demand the same amount of money. Compare Kcbu with another STOP/Djvu variant, Kcvp, and you will see that they are almost identical.
Although STOP/Djvu did change over time, these days the ransom note is always named “_readme.txt” and always contains the same text. You can read the text of the note in the image above, though we will also summarize it. The note demands 980 US dollars in ransom and offers a 50% discount to victims who pay within 72 hours.
Don’t rush to contact the hackers, however. Often, they will completely disappear after receiving the payment and will not decrypt anything. Instead, explore alternative ways to remove Kcbu ransomware and decrypt .kcbu files. Some of these ways are explained in the guide below.
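The two indicators named above, the .kcbu extension and the “_readme.txt” note, are enough to take stock of the damage before attempting any recovery. The following Python script is an added example, not part of the original guide: it walks a folder read-only and lists, per directory, which files were renamed and whether a note is present. It assumes the extension is appended to the original file name; the function names `triage` and `summarize` are hypothetical.

```python
import os
from collections import defaultdict

EXT = ".kcbu"          # extension named in this article
NOTE = "_readme.txt"   # ransom note file name named in this article

def triage(root):
    """Walk root (read-only) and inventory renamed files and ransom notes."""
    report = defaultdict(lambda: {"encrypted": [], "note": False, "bytes": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE:
                report[dirpath]["note"] = True
            elif lower.endswith(EXT) and len(name) > len(EXT):
                full = os.path.join(dirpath, name)
                try:
                    size = os.path.getsize(full)
                except OSError:   # file vanished or is unreadable
                    size = 0
                entry = report[dirpath]
                # Assumption: stripping the suffix yields the original name.
                entry["encrypted"].append(name[:-len(EXT)])
                entry["bytes"] += size
    return dict(report)

def summarize(report):
    """Totals across all directories that contain at least one indicator."""
    return {
        "dirs": len(report),
        "files": sum(len(d["encrypted"]) for d in report.values()),
        "notes": sum(1 for d in report.values() if d["note"]),
        "bytes": sum(d["bytes"] for d in report.values()),
    }

if __name__ == "__main__":
    import sys
    rep = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, info in sorted(rep.items()):
        flag = "note present" if info["note"] else "no note"
        print(f"{path}: {len(info['encrypted'])} renamed file(s), {flag}")
    print(summarize(rep))
```

Run it against a copy or a mounted image of the affected disk where possible, and keep the output: the list of original file names shows which backups need to be restored.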