Coba Ransomware
A new ransomware threat named Coba has been uncovered by cybersecurity researchers. Like the vast majority of these types of malware threats, Coba works by encrypting the files on the victim's computer once it infects the system. The ransomware modifies the original filenames by adding the '.coba' extension to them. For example, a file named '1.pdf' is changed to '1.pdf.coba,' and '2.doc' is modified to '2.doc.coba,' and so on. Apart from file encryption, Coba generates a ransom note on the breached device as a text file named '_readme.txt.'
Furthermore, the Coba Ransomware is part of the Djvu family of ransomware. This could mean that additional malware threats may have been deployed on the breached devices. Indeed, operators of Djvu variants have been observed also to infect systems with information stealers, such as RedLine and Vidar.
The Coba Ransomware can Cause Massive Damage to Breached Devices
Based on the ransom note left by the attackers, it is clear that victims who want to regain access to their encrypted files are required to pay for a decryption program and a unique key. The note indicates that victims have a limited time to take advantage of a discounted rate of $490 if they email the attackers within 72 hours. However, if victims fail to do so, they must pay the full amount of $980.
The ransom note contains two email addresses that victims can use to contact the attackers: 'support@freshmail.top' and 'datarestorehelp@airmail.cc.' Victims are urged to use these email addresses to reach out to the attackers and arrange for payment and decryption.
It is important to note that attempting to restore encrypted files without the decryption tools from the attackers is not common. As such, it is not recommended to pay the ransom as there is no guarantee that the attackers will provide the decryption tools even after receiving payment.
Implement Proper Security Measures to Protect Your Data from Ransomware Attacks
To protect their devices and data from ransomware attacks, users should adopt a comprehensive approach that involves various measures.
Users should ensure that they have installed the latest security updates and patches for their operating systems, applications, and antivirus software. Keeping software up-to-date helps to address security vulnerabilities that attackers may exploit.
Secondly, users should avoid clicking on links or downloading attachments from unknown or suspicious sources, especially unsolicited emails. Users should also exercise caution when clicking on pop-ups and ads on websites and avoid visiting malicious websites.
Making regular backups of their data and storing it in secure locations, preferably offline, is strongly recommended. This ensures that in the event of a ransomware attack, users can easily restore their data without having to pay the ransom.
Lastly, users should educate themselves on the latest trends and techniques used by attackers to distribute ransomware. This knowledge can help them to identify and avoid potential threats.
Overall, protecting devices and data from ransomware attacks requires a combination of technical and non-technical measures. Users should adopt a proactive approach to security and remain vigilant to stay safe.
The ransom note dropped by Coba Ransomware is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-hhA4nKfJBj
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:'
