Threat Database Ransomware Koolova Ransomware

Koolova Ransomware

By GoldSparrow in Ransomware

The Koolova Ransomware is a ransomware Trojan that was designed to harass computer users, under the pretext of educating them about ransomware Trojans. The Koolova Ransomware encrypts the victim's data and then drops a ransom note. However, instead of demanding a ransom from the victim, it asks that the victim read two articles about ransomware to recover the affected data. The Koolova Ransomware is incomplete apparently and does not ask for ransom. However, the Koolova Ransomware does threaten the victim, claiming that it will delete the victim's files if the victim does not read the two articles suggested in its ransom note. Despite its intentions, the Koolova Ransomware is still a threat that infects the victims' computers and carries out a threat attack.

The Interesting Demand Contained on the Koolova Ransomware Ransom Note

The Koolova Ransomware uses a typical encryption method, which involves an asymmetric encryption to take over the victim's data. The Koolova Ransomware targets typical file types encrypted in these attacks, such as documents, media files and images. The Koolova Ransomware displays the following ransom message on the victim's computer:

'Hello. I'm nice Jigsaw or more commonly known as Jigsaws twin.
Unfortunately all of your personal files (pictures, documents, etc…) have been encrypted by me, an evil computer virus known as ‘Ransomeware'.
Now now. Not to worry I'm going to let you restore them but only if you agree to stopdownloading unsafe applications off the internet.
If you continue to do so may end up with a virus way worse than me! You might even end up meeting my infamous brother Jigsaw ?
While you're at it, you can also read the small article below by Google's security team on how to stay safe online.
Oh yeah I almost forgot! In order for me to decrypt your files you must read the two articles below.
Once you have click the ‘‘Get My Decryption Key'' button.
Then enter in your decryption key and click the ‘‘Decrypt My Files'' button.
Eventually all of your files will be decrypted ?
If the timer reaches zero then all of your personal files will be deleted
because you were too lazy to read two articles.
So User do you want to play a game?'

The various spelling and grammar issues in the Koolova Ransomware ransom note make it clear that the Koolova Ransomware Trojan is developed by con artists in a location where English is not the first language. It is likely that the people responsible for the Koolova Ransomware are Italian since many of the elements involved in the Koolova Ransomware attack are Italian in origin. Victims are given 10 hours to read the article 'Stay safe while browsing' located on the Google security blog and 'Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom,' an article located on a computer security website. After reading both articles, a button on the ransom note marked 'Decripta I Miei File' ('Decrypt My Files' in Italian) will become active. Clicking on this button will eventually restore the victim's files.

Reacting to a Koolova Ransomware Infection

Although the Koolova Ransomware infection is benign and leaves no lasting damage, it is important to be protected against these threats. In many cases, it may be impossible to recover the files that have been encrypted in a ransomware attack. Because of this, the most important thing to do is to take preemptive measures to protect your data. PC security researchers strongly advise computer users to have backups of all files. Having backup copies of files makes computer users invulnerable to ransomware attacks like the Koolova Ransomware. The con artists can no longer demand a ransom (or threaten to delete files) because computer users can simply remove the threat with a reliable security program and then restore the compromised files from the backup copy. In fact, once having backups becomes a standard practice, it is likely that ransomware Trojans will become obsolete.


Most Viewed