
Kostya Ransomware

By GoldSparrow in Ransomware

The Kostya Ransomware is cryptomalware that functions similarly to threats like the Petya Ransomware and the Mischa Ransomware. The Kostya Ransomware utilizes a ransom screen that is shown to the user after the encryption process is complete. The Kostya Ransomware appears to target Czech-speaking countries and does not support an English version. The Kostya Ransomware may travel with spam email that is loaded with a corrupted PDF file. The PDF document acts as the threat dropper, and users may be led to believe that they are presented with a payment notification from banks like J&T Banka, Moneta Money Bank and Raiffeisen Bank.

The Kostya Ransomware Targets Files on the System Drive Only

The developers behind the Kostya Ransomware programmed their product to run faster by limiting the encryption to files stored on the Windows drive. In most installations of Windows, the system drive is labeled with the letter 'C' by default. The Kostya Ransomware works like the Smrss32 Ransomware and avoids encryption of files located in the following directories:

  • AppData
  • Program Files
  • Program Files (x86)
  • ProgramData
  • Windows

The Kostya Ransomware uses the AES-256 cipher to lock data and appends the '.k0stya' file extension. Corrupted files are likely to be represented in Windows Explorer by an icon that looks like a blank sheet of paper. For example, 'maple_tree_bark.jpeg' will be transcoded to 'maple_tree_bark.jpeg.k0stya' and the image may not be rendered by any image viewer or editor.
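
The skipped directories and the '.k0stya' extension described above are enough to scope the damage on an affected drive and to list which files need restoring from backup. The following Python script is an added example, not code from the original page; the function names are hypothetical, and it assumes the extension and folder names behave exactly as described here.

```python
import os
import sys
from collections import Counter
from pathlib import Path

# Values taken from the description above.
ENCRYPTED_SUFFIX = ".k0stya"
SKIPPED_DIRS = {"appdata", "program files", "program files (x86)",
                "programdata", "windows"}


def find_encrypted(root, prune_skipped=True):
    """Yield (locked_path, original_relative_path) for each locked file.

    prune_skipped=True does not descend into the directories the description
    says are left alone, which shortens a scan of a whole system drive.
    Pass False to confirm that assumption on a given machine.
    """
    root = Path(root)
    for dirpath, dirnames, filenames in os.walk(root):
        if prune_skipped:
            # Edit in place so os.walk does not descend into these folders.
            dirnames[:] = [d for d in dirnames if d.lower() not in SKIPPED_DIRS]
        for name in filenames:
            # Windows file names are case-insensitive, so compare lowercased.
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            original = name[:-len(ENCRYPTED_SUFFIX)]
            if original:  # ignore a file named exactly ".k0stya"
                locked = Path(dirpath) / name
                yield locked, (Path(dirpath) / original).relative_to(root)


def restore_plan(root, prune_skipped=True):
    """Return (sorted original paths to restore, file count per top folder)."""
    originals = sorted(orig for _, orig in find_encrypted(root, prune_skipped))
    per_folder = Counter(p.parts[0] if len(p.parts) > 1 else "."
                         for p in originals)
    return originals, per_folder


if __name__ == "__main__":
    # Usage: python scan_k0stya.py C:\   (script name is a placeholder)
    paths, summary = restore_plan(sys.argv[1] if len(sys.argv) > 1 else "C:\\")
    for folder, count in summary.most_common():
        print(f"{count:6d}  {folder}")
    for p in paths:
        print(p)
```

The printed list gives the original relative paths to pull from a clean backup once the threat has been removed.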

The Operators of the Kostya Ransomware Demand a Payment with PaySafeCard

The makers of the Kostya Ransomware follow the trend set by other cryptomalware such as the JobCrypter Ransomware and the Czech Ransomware that are aimed at citizens of the Czech Republic. The cyber extortionists responsible for the Kostya Ransomware direct users to purchase 300 CZK (13 USD) worth of PaySafeCards and send them their codes by using a text field on the ransom screen. The makers of the Kostya Ransomware threaten to increase the ransom to two thousand koruna (82 USD) if payment is not delivered in the span of twelve hours after the encryption is complete.

Experts do not encourage users to comply with the terms laid out by threat developers. Threats like the Kostya Ransomware are effective when you do not have backups. The Kostya Ransomware may not cause irreversible damage to your data structure if you have clean backups available. Computer users need to use a trusted anti-malware tool to purge the Kostya Ransomware and prevent the threat from activating on the next system boot.

