KOK8 Ransomware

By GoldSparrow in Ransomware

The KOK8 Ransomware is an encryption ransomware Trojan first observed on August 27, 2018. The KOK8 Ransomware carries out a typical version of these attacks and belongs to a family of ransomware, which includes the Matrix Ransomware, that has been responsible for other attacks in 2018. The KOK8 Ransomware and its variants are mostly delivered through corrupted spam email attachments, and computer users must take precautions when dealing with this kind of content.

How the KOK8 Ransomware Trojan Attacks a Computer

The KOK8 Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, targeting user-generated files, which may include media files, various document types, databases and numerous others. The files typically encrypted in attacks like the KOK8 Ransomware include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Once the KOK8 Ransomware has completed its attack, it adds the file extension '[KOK8@protonmail.com].-.KOK8' to each file affected by the attack. The KOK8 Ransomware also delivers a ransom note in the form of an RTF file named '#KOK8_README#.rtf,' which is dropped on the infected computer's desktop. The text of the KOK8 Ransomware ransom note reads:

'HOW TO RECOVER YOUR FILES INSTRUCTION
ATENTION!!!
We are really sorry to inform you that ALL YOUR FILES WERE ENCRYPTED by our automatic software. It became possible because of bad server security.
ATENTION!!!
Please don't worry, we can help you to RESTORE your server to original state and decrypt all your files quickly and safely!
INFORMATION!!!
Files are not broken!!! Files were encrypted with AES-128+RSA-2048 crypto algorithms. There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automatically DELETED AFTER 7 DAYS! You will irrevocably lose all your data!
Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!
Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.
HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator): KOK8@protonmail.com
You have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!
In subject line write your personal ID:
[random characters]'

The best protection when dealing with threats like the KOK8 Ransomware is to have file backups. This simple action allows computer users to restore the encrypted content after an attack.
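To decide what has to be restored from backup, the two markers described above (the appended '[KOK8@protonmail.com].-.KOK8' extension and the '#KOK8_README#.rtf' note) can be searched for across a disk or file share. The Python sketch below is an added example, not taken from the original article; it assumes only that an affected file name contains the bracketed address and ends in '.KOK8', and its sample file names are constructed.

```python
import os
import tempfile
from collections import Counter

# Indicators quoted in the article above, lower-cased for comparison.
EMAIL_TAG = "[kok8@protonmail.com]"
FINAL_EXT = ".kok8"
NOTE_NAME = "#kok8_readme#.rtf"


def is_marked(name):
    """True if a file name carries the appended KOK8 marker."""
    lowered = name.lower()  # Windows file names are case-insensitive
    return lowered.endswith(FINAL_EXT) and EMAIL_TAG in lowered


def scan_tree(root):
    """Return (marked_per_dir, note_paths, clean_count) for everything under root."""
    marked_per_dir, note_paths, clean = Counter(), [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                note_paths.append(os.path.join(dirpath, name))
            elif is_marked(name):
                marked_per_dir[os.path.relpath(dirpath, root)] += 1
            else:
                clean += 1
    return marked_per_dir, note_paths, clean


def demo():
    """Build a constructed sample tree (empty files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed names, not real samples
            "Desktop": ["#KOK8_README#.rtf", "todo.txt"],
            "Documents": ["budget.xlsx[KOK8@protonmail.com].-.KOK8",
                          "notes.docx[KOK8@protonmail.com].-.KOK8"],
            "Pictures": ["cat.jpg", "KOK8.png"],
        }
        for folder, names in layout.items():
            os.makedirs(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "w").close()
        marked, notes, clean = scan_tree(root)
        return dict(marked), [os.path.basename(n) for n in notes], clean


if __name__ == "__main__":
    print(demo())
```

Run scan_tree against a mounted copy or share path rather than on the infected host itself; the per-directory counts show which folders to restore first.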
