Cossy Ransomware
The Cossy Ransomware is an encryption ransomware Trojan that was designed to target computer users in Russia and is probably the work of Russian-speakers. The Cossy Ransomware, like most encryption ransomware Trojans, is designed to use a strong encryption algorithm to make the victim's files inaccessible, then demanding a ransom payment from the victim to return access to the affected files. It is important to take precautions against the Cossy Ransomware and the many similar threats that exist today.
Table of Contents
What are the Consequences of a Cossy Ransomware Attack
The Cossy Ransomware uses the RSA 2048 encryption to make the victim's files inaccessible. Once the Cossy Ransomware enciphers a file, the following strings will be added to the file's name:
'.Защищено RSA-2048'
'.Protected by RSA-2048'
The executable files will be marked with following string:
.lnk.Protected by RSA-2048
The Cossy Ransomware targets the user-generated files and avoids data in the Windows or System folders. The following are examples of the files that threats like the Cossy Ransomware will target in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The Cossy Ransomware delivers a ransom note written entirely in Russian. The Cossy Ransomware's ransom note translated into English reads:
'Hello dear friend! Yes, I'm a mean greedy but I have to say it …
forgive …
but …….
all your files ___
SAFE! 1 !! 11 !! 11! 1: DDDDDDDDD
Algorithm RSA! 2048 bits! 4096 too lazy!
It is based on primes it.
I'll tell you just now.
Write to grafimatriux72224733@protonmail.com .
We provide: Free transcript. Paid decryption (and Contractual decryption) *
Contractual decryption is if you have old-time files that have been saved for many years, the decoder is provided free of charge.
Paid decryption costs – 50 rubles in bitcoins, the wallet will be made unique for you. *
You can decrypt 5 files with a size of 5 MB or less for free.
I will not kid you, + give when paying tips to improve the security and deciphering instructions. ”
* – Services provided to us if you write a letter to the file is extremely important infa.RSA-2048 File'
Dealing with the Cossy Ransomware
Malware specialists advise computer users to refrain from contacting the criminals responsible for the attack. Instead, computer users should use a reliable security program to remove the Cossy Ransomware. The files encrypted by the attack cannot be recovered but can be replaced with backup copies after the Cossy Ransomware has been removed. Because of this, having file backups is the best protection against threats like the Cossy Ransomware.
SpyHunter Detects & Remove Cossy Ransomware
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | file.exe | 573bb80879be1f303603451e85fd6675 | 0 |