Kolz Ransomware

By GoldSparrow in Ransomware

The Kolz Ransomware is designed to target all popular file types and encrypt them with cryptographic algorithms that cannot be brute-forced. This ensures that the hackers behind the ransomware threat are the only ones who possess the decryption key needed to restore the files. When the Kolz Ransomware encrypts a file, it appends the extension '.kolz' to the original filename. The instructions left by the hackers are dropped in the form of a text file named '_readme.txt' that is created in every folder containing locked data. The Kolz Ransomware is a newly discovered ransomware threat that belongs to the STOP/Djvu Ransomware family.

Victims of the Kolz Ransomware are provided with two email addresses for contacting the cybercriminals. The primary address is 'helpmanager@mail.ch,' while the reserve email is 'restoremanager@airmail.cc.' The ransom note specifies that the sum demanded by the hackers in exchange for the decryption tool and key is $980. If the users affected by the Kolz Ransomware establish contact within the first 72 hours of the infection, they are offered a 50% reduction, which brings the price down to $490. They can also send one file to be decrypted for free. The note doesn't mention any restrictions for the file, only that it shouldn't contain valuable information.

Handling the aftermath of a ransomware infection is not easy. Many users might be tempted to make the payment to the hackers. However, according to most infosec experts, that may not be the best solution. There are no guarantees that the hackers would honor their end of the bargain and not simply walk away with the money and start working on their next malware threat.

The ransom note of the Kolz Ransomware is:

'ATTENTION!

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

hxxps://we.tl/t-18R6r7GGG8

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

helpmanager@mail.ch

Reserve e-mail address to contact us:

restoremanager@airmail.cc

Your personal ID:'
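To scope an infection using the indicators described above (the '.kolz' extension, the '_readme.txt' note and its two contact addresses), the following read-only inventory script is an added example, not part of the original article. The sample tree, the function names and the assumption that the personal ID follows its label as a single token are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".kolz"      # extension the page says is appended
NOTE_NAME = "_readme.txt"    # ransom note filename given on the page
NOTE_MARKERS = ("helpmanager@mail.ch", "restoremanager@airmail.cc")
ID_RE = re.compile(r"Your personal ID:\s*(\S+)")  # ID layout is an assumption

def scan(root):
    """Inventory Kolz artifacts under root without modifying anything."""
    found = {"encrypted": [], "notes": [], "ids": set(), "other_readmes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):  # original name = name minus extension
                found["encrypted"].append((str(path), name[:-len(ENCRYPTED_EXT)]))
            elif name.lower() == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if any(marker in text for marker in NOTE_MARKERS):
                    found["notes"].append(str(path))
                    found["ids"].update(ID_RE.findall(text))
                else:  # same filename, no Kolz contact address
                    found["other_readmes"].append(str(path))
    return found

def restore_plan(found):
    """Count locked files per original type, to size the restore from backup."""
    return Counter(Path(orig).suffix.lower() or "(none)" for _p, orig in found["encrypted"])

def build_sample_tree(root):
    """Constructed sample data: two locked files, one Kolz note, one benign readme."""
    for sub in ("docs", "pics", "app"):
        Path(root, sub).mkdir(parents=True)
    Path(root, "docs", "report.docx.kolz").write_bytes(b"\x00")
    Path(root, "pics", "photo.JPG.kolz").write_bytes(b"\x00")
    Path(root, "docs", NOTE_NAME).write_text("helpmanager@mail.ch\nYour personal ID:\nSAMPLE-ID-0001\n")
    Path(root, "app", NOTE_NAME).write_text("Installation notes for a constructed sample app.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        print(len(result["encrypted"]), "locked;", result["ids"], dict(restore_plan(result)))
```

Matching the note on its contact addresses, rather than on the filename alone, keeps ordinary '_readme.txt' files shipped with software out of the count.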

How Did Kolz Ransomware Infect my Computer?

Kolz ransomware primarily spreads through email attachments and through vulnerabilities in software and operating systems. Here are some likely scenarios for how Kolz ransomware got onto your computer:

  • Cybercriminals send out emails. These emails have fake header information to look like they came from a shipping company like FedEx. The email says that the company attempted to deliver a package but was unsuccessful. The email could also claim to be a notification about a shipment you’ve sent. Either way, readers are told they have to click on a link or download an attachment to learn more. Accessing the attachment infects your computer with Kolz ransomware.
  • Kolz ransomware can also get on computers by exploiting software and operating system vulnerabilities. Web browsers, third-party applications, Microsoft Office, and the operating system of the computer are all vulnerable if left without updates.

What to do if Kolz Ransomware Infects Your Computer

The worst thing you could do with a Kolz infection is to give in to the attacker’s demands and send them money. There is no guarantee that you will get the decryption key/tools you were promised. It’s more likely that they will take your money and run with it, leaving you with a broken computer and no money.

Instead, you should use an antivirus or antimalware program to remove the infection first. Removing the virus won’t bring your data back, but it does prevent further encryption in the future. As to how you can restore your files, your best bet is to use an external backup. The potential for data loss is the leading reason to keep data backups. You could be out of luck if you don’t already have one, as ransomware programs like this tend to delete the Shadow Volume Copies on the computer. These are the internal backups that Windows uses for System Restore and similar features.

Once you remove the infection and get your data back, take care to avoid infections in the future. Avoid interacting with spam emails from suspicious sources, keep applications and your operating system updated to the latest version, and avoid pirated software. Not only is pirated software illegal, but cybercriminals regularly hide viruses in cracked software.
