Slashdot Mirror

← Back to Stories (view on slashdot.org)

Koolova Ransomware Decrypts For Free If You Read Two Articles About Ransomware (bleepingcomputer.com)

Posted by BeauHD on from the contrary-to-what-is-usual dept.

An anonymous reader quotes a report from BleepingComputer: We have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles. Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen. In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files. The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article. Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available. Once you click on this button, Koolova will connect to the Command and Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw," in reference to the Jigsaw Ransomware, that displays your decryption key. A victim will then be able to take that key and enter it into the key field in order to decrypt files.

1 of 80 comments (clear)

  1. The author of this software needs education. by mmell · · Score: 4, Interesting
    Serious thwappage with a +5 Louisville Slugger should do the stunt nicely!

    I suspect the moron actually believes he's doing someone a favor - but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours. As I recall, wasn't there some clod that released a virus a decade back that actively (attempted to) hunt down and remove other virii from infected computers, ostensibly as a public service? The idea ended up conceptually integrated into other exploits as a way to ensure that a given bot was only enslaved by one botnet at a time, a very valuable idea for botnet operators but hardly a public service.