New ransomware will delete all your files -- unless you read two articles on avoiding ransomware

A newly discovered strain of the Koolova ransomware encrypts all your files and deletes the keys -- unless you read two articles about avoiding ransomware: "Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom" (Bleeping Computer) and "Stay safe while browsing" (Google Security Blog).

This Koolova variant isn't very well written, and requires a lot of technical know-how just to get to the ransom-demand screen that tells you what you must do to avoid erasure of all your data.

Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available.

Once you click on this button, Koolova will connect to the Command & Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw", in reference to the Jigsaw Ransomware, that displays your decryption key.

A victim will then be able to take that key and enter it into the key field in order to decrypt files.

All in all, Koolova is a very strange ransomware and one that I personally find a little creepy as it uses one of the articles I wrote as a method to gain a free decryption. As all of the Koolova ransomware variants I have seen have been in development, there is a good chance that this one will never actually make it to the wild. Then again, I have been wrong before.

Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware [Lawrence Abrams/Bleeping Computer]

(via /.)

Notable Replies

  1. Pretty neat idea, if a bit invasive.

    IDEA: Send ransomware to Trump supporters that forces them to read a couple articles on the (many) negatives of Trump and then do a quiz at the end in order to unlock their files.

    Note: I have no idea how to do this, so no need to investigate me, NSA/Secret Service/MIB, thanks!

  2. If ransomware, naughty or nice, got that far inside my PC, I'd probably wipe the drives myself. (After checking the normally unconnected backup drive on another PC.)

  3. Except that the vast majority of Americans aren't even interested in politics. Lots of them couldn't even tell you why they voted for Clinton or Trump or nobody at all. Add to that the majority of the world isn't even American, and they despise Trump. Your target is the weak Trump voter - a very small minority of the people who will get your ransomware.

    There's gotta be a better way to talk to those people - but Clinton couldn't find it, and she had some damn good advisors.

  4. They were apparently advising her about all the wrong things.
