{"id":8297,"date":"2017-01-17T09:22:36","date_gmt":"2017-01-17T17:22:36","guid":{"rendered":"http:\/\/blog.hellotech.com\/?p=8297"},"modified":"2023-02-02T12:18:35","modified_gmt":"2023-02-02T20:18:35","slug":"koolova","status":"publish","type":"post","link":"https:\/\/www.hellotech.com\/blog\/koolova","title":{"rendered":"Koolova: A Ransomware That “Teaches” You about Ransomware the Hard Way"},"content":{"rendered":"\n

We’ve seen strange things on the Internet, but none may be stranger than this. While most ransomware typically encrypts files and demands ransom from the victim, this newly discovered variant locks up your files, threatens to delete them, and… asks you to educate yourself about ransomware. Funny, but we’re not kidding. Koolova is the educational ransomware.<\/span><\/p>\n\n\n\n

Meet Koolova<\/h2>\n\n\n\n

Recently discovered by a security researcher, “Koolova” is an in-development ransomware that is a new variant of an infamous crypto-malware. It claims to be a nice version of the <\/span>Jigsaw ransomware<\/span><\/a>, though it isn’t one you should take lightly.<\/span> <\/span><\/p>\n\n\n\n

Once it’s unleashed, Koolova<\/em> encrypts your files and displays a screen similar to Jigsaw’s. As the text gradually shows up on the screen, it will tell you to read two articles about ransomware to get the decryption key. No big deal, right? Wrong.<\/span> <\/span><\/p>\n\n\n\n

No Idle Threat<\/h2>\n\n\n\n

If you’re too lazy to follow the instruction and read those two articles within a prescribed timeframe, the ransomware <\/span>actually<\/span><\/em> deletes your files. It’s not playing around so you need to take action before time runs out.<\/span> <\/span><\/p>\n\n\n\n

So what are those two articles you need to read? They’re “Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom” by Bleeping Computer\u00ae and “<\/span>Stay safe while browsing<\/span><\/a>” on Google Security Blog. Oddly, you can navigate to the articles directly off the ransomware’s information screen by clicking the two links displayed.<\/span><\/p>\n\n\n\n

When you read both, <\/span>the <\/span>Decripta i Miei File<\/span><\/em> (English translation: <\/span>Decrypt My Files<\/span><\/em>) button then becomes available. Thank your lucky stars that the ransomware doesn’t give you an exam about what you’ve just read. Click on that and the ransomware connects to its server to retrieve a decryption key. Afterward, you can take the key, enter it into the key field, and finally heave a sigh of relief.<\/span> <\/span><\/p>\n\n\n\n

The Biggest Takeaway<\/h2>\n\n\n\n

As Koolova<\/em> takes your files hostage, it will ask you to stop downloading unsafe applications off the Web. That may be the biggest takeaway from this close shave against a potentially nasty disaster.<\/span> <\/span><\/p>\n\n\n\n