Threat Database Ransomware KoKo Locker Ransomware

KoKo Locker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: December 26, 2016
Last Seen: August 17, 2022
OS(es) Affected: Windows

The 'KoKo Locker' Ransomware is a Trojan that is used to encrypt the victims' files. The 'KoKo Locker' Ransomware is an encryption ransomware Trojan. Essentially, the 'KoKo Locker' Ransomware encrypts the victims' files to demand ransom in exchange for the decryption key. PC security researchers strongly advise computer users to avoid paying the 'KoKo Locker' Ransomware ransom and take preemptive measures to be protected against these attacks.

The After Effects of a 'KoKo Locker' Ransomware Infection

The 'KoKo Locker' Ransomware may be delivered using corrupted email attachments. Once the 'KoKo Locker' Ransomware has carried out its attack, the 'KoKo Locker' Ransomware displays the following ransom note:

'--- KoKoKrypt ---
All of your personal data got encrypted by KokoKrypt!
To unlock all your data of this computer, you have to do the following steps:
1. Get a Bitcoin Wallet
2. Get 0.1 BTC on it
3. Put your BTC Address below
4. Wait for decryption process
Payment may be delayed for 24/48 hours, so don't worry! You have 78h to pay!
After 78h, KoKoKrypt will uninstall itself and leave your files encrypted!
button "Pay using Bitcoin"

The 'KoKo Locker' Ransomware represents a real danger to the victims' files and wallets. The 'KoKo Locker' Ransomware essentially uses a strong encryption algorithm to take over the victim's computer and the files hostage. It then demands the payment of the ransom, as can be observed in the ransom note above. Even if one pays the ransom, it is unlikely that the people responsible for the 'KoKo Locker' Ransomware attack will help computer users recover their files.

How the 'KoKo Locker' Ransomware Attack Works

As soon as the 'KoKo Locker' Ransomware enters a computer, it begins encrypting the victim's files. The 'KoKo Locker' Ransomware does not need to establish a connection to its Command and Control server to begin encrypting the victim's files. The 'KoKo Locker' Ransomware uses the AES-256 and RSA encryption to make the victim's files completely inaccessible. The decryption key necessary to regain access to the files is stored on a remote server, inaccessible to the victim. The 'KoKo Locker' Ransomware tends to encrypt numerous files, including media files, databases, spreadsheets, text and office documents, pictures, eBooks, and numerous others. The files that have been compromised during the 'KoKo Locker' Ransomware attack will have the extension '.kokolocker,' making it simple to know which files have become encrypted.

Dealing with a 'KoKo Locker' Ransomware Infection

The 'KoKo Locker' Ransomware ransom of 0.1 BitCoin (approximately $90 USD at the current exchange rate) is not particularly high when compared to other ransomware Trojans. However, there is no guarantee that the people responsible for the 'KoKo Locker' Ransomware will keep their word and deliver the decryption key once the ransom is paid. They are just as likely to ask for more money or ignore the victim altogether. The claim that the files will be removed after 78 hours is probably not true, designed only to cause computer users to panic and take a rash decision.

The best way to deal with the 'KoKo Locker' Ransomware and other ransomware Trojans is to take preemptive action. Computer users should ensure that they have backups of all files stored on the cloud or an external memory device. Today, storage space is cheaper than it has ever been and having backups of important files is free, or only a tiny fraction of the cost of recovering from an attack like the 'KoKo Locker' Ransomware. Most importantly having a backup of all files makes computer users invulnerable to attacks like the 'KoKo Locker' Ransomware since con artists have no leverage to ask for a ransom payment if computer users can simply recover their files from the backup. Computer users also can intercept the 'KoKo Locker' Ransomware with a reliable security program that is fully up-to-date.

SpyHunter Detects & Remove KoKo Locker Ransomware

File System Details

KoKo Locker Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe dbac4f4e6c9ef15ccda593ced4408b17 1


Most Viewed