KCW is ransomware that attacks websites in Pakistan. There are many versions of the ransomware, dating back to 2016. Each variant differs from the others and was made either by everyone in the group or by one of the group's 2 admins.



KCW is distributed via compromised web browser extensions.


When KCW is installed on a site, the site's files are encrypted and the .kcwenc extension is appended to their names. The attack also leaves behind a file named kcwdecrypt.php which, when opened, displays a ransom note that claims to have been left by an Anonymous group named the Team Kerala Cyber Warriors. The note explains what happened to the site and provides a way to contact the group at their Facebook page.
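The two artefacts described above (the .kcwenc extension and kcwdecrypt.php) can be checked for during incident triage. The following is an added example, not code from the original page or from the group: the function names, report fields and sample web root are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENC_SUFFIX = ".kcwenc"        # extension the page says is appended
NOTE_NAME = "kcwdecrypt.php"  # ransom-note file the page names


def triage(webroot):
    """Walk webroot and summarise KCW artefacts for incident response."""
    notes, encrypted, survivors, mtimes = [], [], [], []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(webroot).as_posix()
            if name.lower() == NOTE_NAME:
                notes.append(rel)
            elif name.lower().endswith(ENC_SUFFIX):
                encrypted.append(rel)
                # The original name is whatever precedes the appended suffix;
                # record it when a plaintext copy still sits beside the .kcwenc file.
                if (Path(dirpath) / name[: -len(ENC_SUFFIX)]).is_file():
                    survivors.append(rel[: -len(ENC_SUFFIX)])
            else:
                continue
            mtimes.append(path.stat().st_mtime)
    return {
        "compromised": bool(notes or encrypted),
        "notes": sorted(notes),
        "encrypted": sorted(encrypted),
        "plaintext_survivors": sorted(survivors),
        # Earliest artefact mtime: a starting point for log review, not proof.
        "first_artifact_mtime": min(mtimes) if mtimes else None,
    }


def demo():
    """Run triage over a constructed web root (names and contents invented)."""
    layout = ["index.php.kcwenc", "kcwdecrypt.php", "css/site.css.kcwenc",
              "css/site.css", "uploads/logo.png"]
    with tempfile.TemporaryDirectory() as root:
        for rel in layout:
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample")
        return triage(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run against a read-only copy or snapshot of the web root so that file timestamps are preserved for the investigation.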

The web pages created by this group also play Induction by Gamma Ray.

