
Kool Ransomware

Information security researchers uncovered a ransomware variant dubbed Kool while investigating potential malware threats. Ransomware is malicious software built specifically to encrypt the data on a compromised device so that its owner can no longer access it. The perpetrators then typically demand payment from the affected individuals in exchange for a decryption tool and key that, they claim, will restore access to the encrypted files.

The Kool Ransomware marks the files it encrypts with a recognizable renaming scheme: the extension '.kool' is appended to the original file name, so '1.doc' becomes '1.doc.kool' and '2.jpg' becomes '2.jpg.kool'. Researchers have identified Kool as a variant of the STOP/Djvu Ransomware family, which continues to grow with new variants over time. Notably, infections from this family have been observed alongside other malware, in particular the Vidar and RedLine infostealers.

These auxiliary malware tools let the attackers harvest sensitive or valuable information (credentials, browser data, documents) from the compromised system before the encryption routine runs. The stolen data can then be leveraged in double-extortion tactics, in which victims are pressured into paying not only to recover their files but also under the threat that the data will be leaked or otherwise misused.
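The renaming scheme above is the quickest way to scope an infection: every file whose name ends in '.kool' was touched, and stripping that trailing extension gives the original name and type. The following Python triage script is an added example written for this article; it is not code from the original page, from the researchers who reported Kool, or from any vendor. It walks a directory tree, lists the '.kool' files with their recovered original names, tallies the affected file types, and flags candidate ransom notes by the two contact addresses quoted in the note below rather than by file name, because the article does not state what the note file is called. The sample directory it builds is constructed test data, not a real capture.

```python
"""
Triage helper for a suspected Kool (STOP/Djvu-family) infection.

- '.kool' files are mapped back to their pre-encryption names ('1.doc.kool' -> '1.doc').
- Small text files containing both contact e-mails from the Kool ransom note are
  flagged as note candidates (content-based, since the note's file name is not given).
"""
from __future__ import annotations

import os
import tempfile
from collections import Counter
from pathlib import Path

KOOL_SUFFIX = ".kool"
# Contact addresses quoted in the Kool ransom note; used as content indicators.
NOTE_INDICATORS = ("support@freshingmail.top", "datarestorehelpyou@airmail.cc")


def original_name(encrypted: Path) -> Path | None:
    """Return the pre-encryption name for a '.kool' file, else None.

    Only a trailing '.kool' counts: 'archive.kool.bak' is not an encrypted file.
    """
    if encrypted.suffix != KOOL_SUFFIX:
        return None
    return encrypted.with_suffix("")  # strips just the trailing '.kool'


def is_ransom_note(path: Path, max_bytes: int = 64 * 1024) -> bool:
    """Heuristic: a small, readable text file containing both Kool contact e-mails."""
    try:
        if path.stat().st_size > max_bytes:
            return False
        text = path.read_text(encoding="utf-8", errors="ignore")
    except OSError:
        return False
    return all(indicator in text for indicator in NOTE_INDICATORS)


def triage(root: Path) -> dict:
    """Walk `root` and report encrypted files, recovered names, and note candidates."""
    encrypted: list[tuple[str, str]] = []  # (encrypted path, original path), relative to root
    notes: list[str] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            orig = original_name(path)
            if orig is not None:
                encrypted.append((rel, orig.relative_to(root).as_posix()))
            elif is_ransom_note(path):
                notes.append(rel)
    by_type = Counter((Path(o).suffix.lower() or "(none)") for _, o in encrypted)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "by_type": dict(by_type)}


def build_sample_tree(root: Path) -> None:
    """Constructed sample data (not a real capture) mimicking the renaming the article describes."""
    (root / "docs").mkdir()
    (root / "docs" / "1.doc.kool").write_bytes(b"\x00" * 16)   # was 1.doc
    (root / "2.jpg.kool").write_bytes(b"\x00" * 16)            # was 2.jpg
    (root / "archive.kool.bak").write_bytes(b"\x00" * 16)      # decoy: '.kool' not trailing
    (root / "untouched.txt").write_text("plain file, not encrypted\n", encoding="utf-8")
    # Excerpt of the note text quoted in the article; the file name here is assumed.
    (root / "note.txt").write_text(
        "ATTENTION!\n"
        "To get this software you need write on our e-mail:\n"
        "support@freshingmail.top\n"
        "Reserve e-mail address to contact us:\n"
        "datarestorehelpyou@airmail.cc\n",
        encoding="utf-8",
    )


def demo() -> dict:
    """Run the triage against the constructed sample tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    report = demo()
    for enc, orig in report["encrypted"]:
        print(f"encrypted: {enc}  (was {orig})")
    print("affected types:", report["by_type"])
    print("ransom note candidates:", report["notes"])
```

Run it against a mounted image or a copy of the victim's volume rather than the live, still-infected host, and treat the recovered names as an inventory for restoration from backup: the script identifies what was encrypted, it does not decrypt anything.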

The Kool Ransomware Leaves Victims Unable to Access Their Own Data

The ransom note dropped by the Kool Ransomware informs victims that all of their files, spanning from personal photos to critical databases and documents, have been encrypted using a robust algorithm and unique key. According to the attackers, the only way to restore access to these files is to pay a ransom for a decryption tool and the corresponding key.

Within the ransom note, recipients are offered a 50% discount on the decryption tool and are given two email addresses (support@freshingmail.top and datarestorehelpyou@airmail.cc) for contacting the attackers. To create urgency, the cybercriminals insist that victims respond within 72 hours or lose the discounted price for the decryption tools.

It is strongly advised that individuals whose computers are infected with ransomware, like Kool, refrain from negotiating with the criminals or making any payments. There is a substantial risk that even after paying the ransom, they may not receive the promised decryption tools, resulting in significant financial losses and indirectly supporting criminal activities.

Furthermore, victims should act quickly to isolate the infected machine from the network and remove the ransomware from it. This prevents the ransomware from inflicting further damage by encrypting additional files or spreading to other computers on the same network. However, removing the ransomware does not decrypt any data that has already been encrypted; those files can only be recovered from backups or, if one becomes available, a legitimate decryptor.

How to Boost the Defense of Your Devices against Ransomware Threats Like the Kool Ransomware

Users can bolster the defense of their devices against ransomware threats by implementing several proactive measures:

  • Keep Software Updated: Regularly update operating systems, software, and applications on all devices. Updates deliver patches for security vulnerabilities that ransomware and the loaders that deliver it could otherwise exploit.
  • Install Anti-Malware Software: Use reputable antivirus and anti-malware programs and keep them updated. These tools can detect and block many ransomware infections, including the infostealers that often accompany the STOP/Djvu family.
  • Enable Firewall Protection: Activate and configure firewalls on devices and networks to block unauthorized access and limit the ransomware's ability to spread between machines.
  • Be Cautious with Email Attachments and Links: Be watchful when opening email attachments or clicking on links, especially from unknown or suspicious sources. Treat unexpected emails with caution, particularly those requesting sensitive information or urging urgent action.
  • Back Up Data Regularly: Implement a robust backup strategy by backing up essential data to external storage devices or cloud services on a regular schedule. Keep at least one copy offline or otherwise disconnected from the system, since ransomware also encrypts backups it can reach over mapped drives or synced folders, store multiple copies in different locations, encrypt them, and periodically test that they restore.
  • Educate Users: Teach users about ransomware threats and safe computing practices. Train them to recognize phishing attempts, suspicious websites, and other common attack vectors.
  • Restrict User Privileges and Apply Least Privilege: Grant users only the minimum level of access required to perform their duties, and reserve administrative rights for accounts that need them, so that unauthorized software installation and system changes are blocked. This limits how much data a ransomware infection running under an ordinary user account can reach.

By adopting these proactive measures, users can significantly enhance the defense of their devices against ransomware threats and diminish the risk of falling victim to such attacks.

The ransom note delivered by the Kool Ransomware reads:

'ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that's price for you is $499.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshingmail.top

Reserve e-mail address to contact us:
datarestorehelpyou@airmail.cc

Your personal ID:'
