Kodc Ransomware

The most active ransomware family of 2019 continues to plague users online in 2020, too – the STOP Ransomware. During 2019, cyber crooks created and distributed over 200 copies of this nasty Trojan. It would appear that the trend is not dying down, as malware analysts have spotted a new copy of the STOP Ransomware and dubbed it the Kodc Ransomware.

Propagation and Encryption

A large number of cybercriminals who create ransomware threats tend to rely on spam email campaigns to propagate their Trojans. The targeted user would receive an email containing a bogus message and a corrupted attachment, which, once launched, would compromise the user’s system. Among other commonly used propagation methods are torrent trackers, fake software updates, fraudulent pirated copies of popular media and applications, etc.

Most ransomware threats are designed to cause as much damage to the infected system as possible. This means that a majority of their target file types are likely to be found on the PC of any user - .mp3, .mp4, .jpeg, .jpg, .png, .gif, .doc, .docx, .xls, xlsx, .rar, .mov, .ppt, .pptx, etc. To lock the targeted data, the Kodc Ransomware would apply a secure encryption algorithm that will render all the encrypted files unusable. Users affected by the Kodc Ransomware may notice that all the locked files have altered names because this file-locking Trojan applies an additional extension - ‘.kodc.’ For example, a file that the user had named ‘white-wolf.jpeg’ will be renamed to ‘white-wolf.jpeg.kodc.’

The Ransom Note

Authors of ransomware usually make sure their threats would drop a ransom note on the victim’s desktop, and the Kodc Ransomware is no exception. This data-encrypting Trojan drops a file named ‘_readme.txt,’ which contains the message of the attackers. In the note, the creators of the Kodc Ransomware state that users who comply and contact them within 72 hours of the attack take place will have to pay $490. However, those who fail to do so will have to pay double the price - $980. The authors of the Kodc Ransomware demand to be contacted via email - ‘helpmanager@iran.ir. To persuade the user to pay up, the attackers offer to unlock one file free of charge.

In case you have fallen victim to the Kodc Ransomware, we would advise you against cooperating with the attackers. There is no guarantee that the authors of the threat will hold up their end of the bargain. This is why it is safer to download and install a legitimate anti-virus solution that will wipe off the Kodc Ransomware from your PC.