Tuesday, May 13, 2025
HomeRansomwareIndian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

Indian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

Published on

SIEM as a Service

Follow Us on Google News

One of the famous Indian Hacking group called “Kerala Cyber Warriors” compromised Pakistan based Welfare organization website and encrypt the website files using KCW Ransomware.

This group of hackers actively attacking over 1000 of Pakistan and Bangladesh based websites such as government websites, airport websites for various motivations.

KCW (Kerala Cyber Warriors) Ransomware used to encrypting the website files using encryption algorithm and then appends file names with .kcwenc to demand the ransom amount.

- Advertisement - Google News

Attacker Initially defaced the website using the existing vulnerabilities in the website such as SQL injection and then find the loopholes in order to access the files.

Also Read: Ransomware Attack Response and Mitigation Checklist

Once they reached the web file then inject the ransomware called KCW(Kerala Cyber Warriors) to Start the encryption process.

One of the security  Researchers initially reported on Twitter said, “Interesting story behind it involving Indian cyber-vigilantes compromising Pakistani web hosts. A complete mess dev-wise, but cool backstory. Hadn’t seen this until today.”

Most of the import files that belong to compromise website has been locked and changes file extension as ..kcwenc. Not all the files have been encrypted, there are some folder files still can be publicly accessible by anyone.

Hackers leave the ransom note in the file name called kcwdecrypt.php that contain a complete information about the contact, who they are and how many of them were involved in this attack with each person’s dummy name.

GH057_R007 | 8L4CK_P3RL | F0R81DD3N_H4CX3R | RED LIZARD | S3CU617Y_R1PP36 | 4N0N_5P1D3R | RED_LIZARDCH@CH_4-RC7 | M3GA_M1ND | D0PP3l_64N63R | K1LL3R_C0BR4{PP} | C0D3_PH03N1X | 5H4D0W_HUN73rB4HZ1 | 4S7R4 | V33R4PP4N | C47_HUN73R | CJ_N4P573R | 5H1VJ1_M4H4R4J | PH4N70M

Basically ransomware attacks main motivation will be money and the hackers usually demand anonymous cryptocurrency such as Bitcoin, but this attacker didn’t demand any ransom amount instead of the request to contact them for the decryption key.

Also, they have given the contact information that point out to their Facebook Page and the main motivation of this attack was unclear. and also their hackers team has been listed on Wikipedia page.

The compromised website is still not has been recovered and the website owners are not taking any action regarding this attack.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Apple Releases Security Patches to Fix Critical Data Exposure Flaws

Apple released critical security updates for macOS Sequoia 15.5 on May 12, 2025, addressing...

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cybercriminals Hide Undetectable Ransomware Inside JPG Images

A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image...

New Mamona Ransomware Targets Windows Systems Using Abused Ping Command

Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbed Mamona,...

Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability

Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was...