Jump to content
Nytro

Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware

By Nytro, in Stiri securitate

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware

  • December 23, 2016

 

There have been a lot of strange twists and turns when it comes to ransomware this month. First, we had Popcorn Time that gave you the option of screwing over people by infecting them to possibly get a free decryption key.  Now, we have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles.

Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen.

 

In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key, It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as actually does delete the files.

 

Koolova Ransom Screen
Koolova Ransom Screen
 

The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article.  Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available.

Once you click on this button, Koolova will connect to the Command & Control server and retrieve the victim's decryption key.  It will then display it in a message box labeled "Nice Jigsaw", in reference to the Jigsaw Ransomware, that displays your decryption key.

 

Retrieved Decryption Key
Retrieved Decryption Key
 

A victim will then be able to take that key and enter it into the key field in order to decrypt files.

All in all, Koolova is a very strange ransomware and one that I personally find a little creepy as it uses one of the articles I wrote as a method to gain a free decryption.  As all of the Koolova ransomware variants I have seen have been in development, there is a good chance that this one will never actually make it to the wild. Then again, I have been wrong before.

 

Sursa: https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...