A newly-found piece of ransomware, dubbed Koolova, requires victims to read two blog posts about ransomware avoidance in exchange for decrypting their files.
The ransomware threat keeps growing, with new and more advanced pieces being created every day. Cybercriminals are upgrading their products to be more sophisticated, harder to tackle and, of course, more difficult to detect. Ransomware, aside from being the most dangerous cyber infection out there, has also become a very popular and effective cyber extortion practice. Moreover, we are encountering more and more threats with some quite interesting features.
For example, MalwareHunterTeam experts stumbled across a new piece of ransomware called Popcorn Time that relies on an interesting tactic to improve its efficiency. The ransomware gives its victims a choice: either pay the ransom or infect two other users with a referral link. If a victim goes for the second option and the two new victims pay up, the original target gets a free decryption key to unlock their files.
However, the Koolova ransomware feature is even more interesting. As it turns out, this ransomware was not created for profit but to spread awareness among Internet users. Once the ransomware has finished the encryption process, it displays a warning screen stating that Koolova will decrypt the encrypted files if the victim reads two articles. Koolova then starts a countdown, and if it reaches zero and the victim hasn’t done anything, all files get deleted. The two blog posts victims are prompted to read are:
- “Stay safe while browsing” from Google Security Blog
- “Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom” from Bleeping Computer.
Once the victims have read both articles, they can click on the “Decripta i Miei File” button (which translated from Italian means “Decrypt My Files”). The Koolova ransomware will then contact the Command and Control server and the victims will obtain a free decryption key.
“Koolova will encrypt a victim’s files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files.” – BleepingComputer.com reported.