Koolova Ransomware decrypts files if victims read 2 posts about Ransomware

The Koolova ransomware will decrypt the encrypted files for free it the victim read two blog posts about how to avoid ransomware infection.

Ransomware authors are very creative, in the last here we assisted a rapid evolution of the cyber extortion practice. Ransomware has become one of the fastest growing threats, new malware implements sophisticated features to avoid detection.

Recently security experts from MalwareHunterTeam spotted a singular strain of ransomware dubbed Popcorn Time that implemented an interesting mechanism to improve its efficiency.This ransomware comes with a singular feature, it allows victims to either pay up or they can opt to infect two others using a referral link. Then is the two other potential victims pay the ransom the original target receives a free key to unlock his encrypted files.

The threat was spotted by the security researcher Michael Gillespie, the malicious code appears to be a work in progress.

“Koolova will encrypt a victim’s files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key, It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as actually does delete the files.” reported BleepingComputer.com.

Once the victim reads both articles, he can rescue the encrypted files by clicking on the Decrypt My Files (the malware shows the string “Decripta i Miei File” which is Italian Language). The button “Decripta i Miei File” becomes available, when the user click on it the Koolova ransowmare will contact C&C server to get the decryption key.

Clearly, the author of this malware hasn’t developed it profit but just to spread awareness.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Koolova ransomware, malware)