COSANOSTRA Ransomware


By GoldSparrow in Ransomware

The COSANOSTRA Ransomware is an encryption ransomware Trojan that was first observed in the final week of January 2019. The COSANOSTRA Ransomware is not entirely new; it is based on various encryption ransomware Trojans released earlier, such as the GarrantyDecrypt Ransomware, first observed in the fall of 2018. The COSANOSTRA Ransomware seems to be distributed using corrupted versions of shareware and freeware software, as well as through unsafe spam email attachments containing embedded macro scripts. Once installed, the COSANOSTRA Ransomware carries out a typical encryption ransomware attack.

COSANOSTRA Is Now After Files

The COSANOSTRA Ransomware is designed to take the victims' files hostage and then demand a ransom payment. It targets user-generated files, which may include media files, documents, databases, configuration files and numerous others. The COSANOSTRA Ransomware targets the file types listed below in these attacks:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The COSANOSTRA Ransomware marks each file it compromises by adding the file extension '.cosanostra' to it. The COSANOSTRA Ransomware then delivers a ransom note in the form of a text file named '#RECOVERY_FILES#.txt', which contains the following message:

'All your files have been encrypted!
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
YOU have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address
And tell us your unique ID
ID: [random characters]'

However, the criminals responsible for the COSANOSTRA Ransomware attack have no intention of helping the victims recover their files after an attack. Because of this, computer users should avoid paying the COSANOSTRA Ransomware ransom or contacting the criminals responsible for the attack.
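
The two on-disk indicators described above, the appended '.cosanostra' extension and the '#RECOVERY_FILES#.txt' note, can be swept for during triage or restore planning. The script below is an added example, not code from the original article; the function names, the case-insensitive matching and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".cosanostra"       # extension named in the article
RANSOM_NOTE = "#RECOVERY_FILES#.txt"   # note file name named in the article


def scan_tree(root):
    """Walk root and collect per-directory COSANOSTRA indicators.

    Returns {directory: {"encrypted": [names], "note": bool}} for every
    directory that holds a marked file or a ransom note.
    Matching is case-insensitive (an assumption, not stated in the article).
    """
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered == RANSOM_NOTE.lower():
                hits[dirpath]["note"] = True
            elif lowered.endswith(ENCRYPTED_SUFFIX) and lowered != ENCRYPTED_SUFFIX:
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)


def triage(hits):
    """Rank directories: a note next to marked files is the strongest signal."""
    def score(item):
        _path, info = item
        return (info["note"] and bool(info["encrypted"]), len(info["encrypted"]))
    return [path for path, _ in sorted(hits.items(), key=score, reverse=True)]


def build_sample(root):
    """Constructed sample tree (empty placeholder files, no real data)."""
    layout = {
        "docs": ["report.docx.cosanostra", "budget.xlsx.COSANOSTRA", RANSOM_NOTE],
        "photos": ["beach.jpg.cosanostra"],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found = scan_tree(tmp)
        for path in triage(found):
            print(path, found[path])
```

The scan only reads file names, so it can be run against a mounted image or a backup snapshot to find which directories need restoring.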

Protecting Your Data from Threats Like the COSANOSTRA Ransomware

The best protection against threats like the COSANOSTRA Ransomware is to have backup copies of all of your files. These backups should be stored in safe locations. Apart from file backups, a security program should be present to prevent threats like the COSANOSTRA Ransomware from being installed. Since the COSANOSTRA Ransomware is commonly delivered through corrupted file downloads, obtaining applications only from trusted sources rather than from questionable third parties is an essential part of preventing COSANOSTRA Ransomware attacks.

