Koolova crypto-malware is a new file-encrypting program, which was designed rather not to get the ransom payment for the restoration of the encrypted data, but for the mere purpose of educating computer users about such cyber threats as file-locking viruses. When Koolova file-encrypter have encrypted the user’s data, it will leave the ransom note, which will ask to read two articles about ransomware so that the data be retrieved. Even though Koolova crypto-virus is regarded as an in-development ransomware, since it does not ask for a ransom, the threatening to delete the encrypted files, if the suggested articles have not been read, is real. Koolova ransomware does have another flaw, which concerns the actual display of the ransom note. However, it can still be the virus, which infects your machine.
The Basic Features of Koolova Ransomware
As regards the specific encryption algorithm Koolova file-locker has been coded to employ, it is the standard asymmetric encryption – the most widely used cipher. As concerns the file types Koolova has been programmed to encrypt, these are the typical data containers such as documents, audio and video files, images, etc. – in fact, the most common files used. The ransom message Koolova malware slowly displays on the screen is the following:
Hello. I’m nice Jigsaw or more commonly known as Jigsaws twin.
Unfortunately all of your personal files (pictures, documents, etc…) have been encrypted by me, an evil computer virus known as ‘Ransomeware’.
Now now. Not to worry I’m going to let you restore them but only if you agree to stopdownloading unsafe applications off the internet.
If you continue to do so may end up with a virus way worse than me! You might even end up meeting my infamous brother Jigsaw 🙁
While you’re at it, you can also read the small article below by Google’s security team on how to stay safe online.
Oh yeah I almost forgot! In order for me to decrypt your files you must read the two articles below.
Once you have click the ‘‘Get My Decryption Key’’ button.
Then enter in your decryption key and click the ‘‘Decrypt My Files’’ button.
Eventually all of your files will be decrypted 🙂
If the timer reaches zero then all of your personal files will be deleted
because you were too lazy to read two articles.
So User do you want to play a game?
As it is obvious from the grammar of the message, the developers of the Koolova data-encrypting program are not from the country, were English is one of the national languages. What is more, the last part of the note, which is basically the description of the technical details, that of the file submission, etc., is written in Italian, which indicates that the coders of Koolova encrypter are of Italian origin.
10 hours is the time frame, which is believed enough to read the Stay safe while browsing article on security.googleblog.com and the Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article on bleepingcomputer.com. After you have reviewed both of the articles, the Decripta i Miei File button on the left bottom corner of the screen, which is the Italian for Decrypt My Files, becomes active. Before the decryption of the files, Koolova file-corrupting program will pop the following window up:
What are the Cures for the Koolova Ransomware Infection?
The best prevention for the infection of Koolova ransomware is reliable antivirus software and the total negligence of the spam folder of your e-mail box, which is the number one source of ransomware infection. The most of the ransomware applications are detected before they get set up on the system by the modern anti-malware software. As the common knowledge says, prevention is better than cure.
Update: the decrypter is now available at here: link. You can download it for free and successfully decrypt your files.