New ransomware will delete all your files — unless you read two articles on avoiding ransomware

A newly discovered strain of the Koolova ransomware encrypts all your files and deletes the keys — unless you read two articles about avoiding ransomware: "Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom" (Bleeping Computer) and "Stay safe while browsing" (Google Security Blog).

This Koolova variant isn't very well written, and requires a lot of technical know-how just to get to the ransom-demand screen that tells you what you must do to avoid erasure of all your data.

Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available.

Once you click on this button, Koolova will connect to the Command & Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw", in reference to the Jigsaw Ransomware, that displays your decryption key.

A victim will then be able to take that key and enter it into the key field in order to decrypt files.

All in all, Koolova is a very strange ransomware and one that I personally find a little creepy as it uses one of the articles I wrote as a method to gain a free decryption. As all of the Koolova ransomware variants I have seen have been in development, there is a good chance that this one will never actually make it to the wild. Then again, I have been wrong before.


Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware

[Lawrence Abrams/Bleeping Computer]


(via /.)