
Cobra Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 1
First Seen: October 7, 2020
Last Seen: March 16, 2021
OS(es) Affected: Windows

The Cobra Ransomware is an encryption ransomware Trojan that PC security analysts first observed being used in attacks on November 13, 2017. It appears to be a variant of Crysis, a family of ransomware Trojans that has been attacking computer users for a long time, and there is very little to tell the Cobra Ransomware apart from other Crysis variants. The Cobra Ransomware seems to be delivered to victims through malicious email attachments, typically Microsoft Word documents attached to spam email messages sent from spoofed email addresses. These documents contain macro scripts that download and install the Cobra Ransomware on the victim's computer.

The Cobra Poison that will Affect Your Files

Once the Cobra Ransomware is installed on the victim's computer, it starts encrypting the victim's files. Threats like the Cobra Ransomware encrypt the user-generated files while avoiding the files that Windows requires to function. This is because these infections need the operating system to remain functional to deliver a ransom note. Examples of the file extensions that the Cobra Ransomware will search for in its attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Cobra Ransomware uses a strong encryption algorithm to make the files it finds inaccessible. This allows the Cobra Ransomware to take the victim's files hostage until the victim pays a fee in exchange for the decryption key necessary to recover the affected files. The Cobra Ransomware marks every file it encrypts by adding the file extension '.cobra' to the end of the file's name, and renames the victim's files following the pattern below:

[8 random chars].[email account].cobra
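A triage sketch for the renaming pattern described above, added here as an example and not taken from the original page or from any vendor tool: it walks a directory tree, picks out names of the form [8 random chars].[email account].cobra, and groups them by the embedded contact address with a file count, the affected folders and the earliest modification time. The character set of the 8 characters, the "@" in the email part and the optional literal brackets are assumptions, and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Page's pattern: [8 random chars].[email account].cobra
# Assumed: no dot/separator in the 8 chars, "@" in the email, optional [ ].
COBRA_NAME = re.compile(
    r"^(?P<rand>[^.\\/]{8})\.\[?(?P<email>[^\s\\/\[\]]+@[^\s\\/\[\]]+)\]?\.cobra$",
    re.IGNORECASE,
)

def parse_cobra_name(filename):
    """Return the contact address embedded in a renamed file, or None."""
    m = COBRA_NAME.match(filename)
    return m.group("email").lower() if m else None

def scan_tree(root):
    """Walk root and summarise renamed files per contact address."""
    summary = defaultdict(lambda: {"count": 0, "dirs": set(), "first_mtime": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            email = parse_cobra_name(name)
            if email is None:
                continue
            entry = summary[email]
            entry["count"] += 1
            entry["dirs"].add(os.path.relpath(dirpath, root))
            mtime = os.path.getmtime(os.path.join(dirpath, name))
            if entry["first_mtime"] is None or mtime < entry["first_mtime"]:
                entry["first_mtime"] = mtime  # earliest rename seen so far
    return dict(summary)

def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names."""
    names = {
        "Documents": ["aB3dE9fG.helper@example.invalid.cobra", "report.docx"],
        "Pictures": ["Qw12Er34.helper@example.invalid.COBRA", "toolong123.x@y.cobra"],
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for f in files:
            open(os.path.join(root, sub, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for email, info in scan_tree(tmp).items():
            print(email, info["count"], sorted(info["dirs"]))
```

Run against a mounted image or a backup share rather than the live system, the per-address counts and earliest timestamp give a first estimate of scope and of when encryption began.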

The Cobra Ransomware delivers a ransom note urging the victim to contact its perpetrators via email to receive instructions on how to pay the ransom and recover the affected files.

Dealing with a Cobra Ransomware Infection

Unfortunately, once the Cobra Ransomware encrypts a file, it is no longer recoverable with current technology. Because of this, to protect your data from threats like the Cobra Ransomware, you should use a trustworthy backup system so that you have copies of your files in safe places, especially ones that the threat can't encrypt or delete. If computer users have backup copies of their files, there is no need to pay the Cobra Ransomware ransom or follow the Cobra Ransomware's instructions. In fact, this preventive method is so effective that if enough computer users had backup copies of their files, it is likely that attacks like the Cobra Ransomware would stop entirely, since computer users would not need to pay ransoms to recover their files. Apart from keeping file backups, computer users should use an updated security program to protect their computers from threats like the Cobra Ransomware. Although security software will not help computer users restore the files compromised by a Cobra Ransomware attack, it can help make sure that threatening software like the Cobra Ransomware does not enter a computer in the first place.

