Hackers behind the infamous Stop Djvu Ransomware Family have developed another menacing variant – Kovasoh Ransomware! This pernicious file-locking virus, just like its siblings, has been created with a strong financial motive.
The .Kovasoh file virus is spreading worldwide via spam e-mail campaigns, fraudulent online advertising & fake software updaters.
After infecting the system, it searches for specific file extensions to encrypt & lock. When it finds them, it employs encryption algorithms to make the files instantly inaccessible and adds the Kovasoh extension to the filenames.
A ransom-demanding note appears every time a victim tries to access the encrypted files. It suggests that decryption of the files is possible only with the involvement of the hackers.
Pay the ransom & get the Kovasoh decrypter & unique key in exchange, the note states.
But how true is this claim? Are there other possible ways to remove Kovasoh Ransomware from the system?
Victims from around the world are looking for ways to get rid of Kovasoh Ransomware & decrypt .Kovasoh files. Read on to find out whether it is possible to recover .Kovasoh files.
Name | Kovasoh |
Type | Ransomware |
Category | Malware |
Operating System Impacted | Windows |
Symptoms | Files are encrypted with the .kovasoh extension. A ransom-demanding note appears every time the victim tries to open the encrypted files. |
Kovasoh Ransomware is the brand-new addition to the ever-growing & infamous Stop Djvu Ransomware Family. Like other variants, it propagates through various distribution techniques.
It enters the system stealthily & does not require any manual help to install on the PC. Upon installation, it searches the entire system for certain targeted file extensions & types. When it locates them, it employs highly complex encryption algorithms to encrypt the files & generates a unique private key for each infected system. These keys are stored on a server controlled by the hackers.
The encrypted files are renamed & the .Kovasoh extension is added as a suffix to the file names.
A file named image.jpg might be renamed as “image.jpg.kovasoh” after the encryption.
All the .kovasoh files are instantly made inaccessible because their contents have been significantly modified.
Some of the file extensions that .Kovasoh virus Ransomware is capable of encrypting are mentioned below:
A ransom-demanding banner appears on the screen every time an encrypted file is accessed. This note is a text document named “_readme.txt”. The note contains the ransom amount & instructions on how victims can contact the hackers.
The note states that the only possible way to restore the encrypted data is to contact the hackers & pay them the ransom amount of $980 in Bitcoins. Victims may contact the hackers at gorentos@bitmessage.ch & gorentos2@firemail.cc.
Once the payment has been made, the Kovasoh decryption tool & unique key will be sent to the victims via e-mail.
The note further states that any victim who contacts the hackers within 72 hours of the encryption will be given a discount of 50% on the ransom amount, i.e., $490 in Bitcoins.
Hackers behind the Kovasoh Ransomware offer to decrypt any one file free of cost. The victims can send one file (that should not contain sensitive information) to the hackers. Once decrypted, the file will be sent back to the victim.
These claims are made by the hackers to guarantee the decryption of encrypted files. Please note that the sole motive of the hackers behind encrypting the files with .Kovasoh virus Ransomware is to extort a colossal amount in exchange for file recovery.
Analysis has shown that victims who paid the ransom amount got scammed. They do not get the promised Kovasoh decryption tool after paying the ransom. The hackers stop responding once they have received the amount.
Therefore, victims should avoid any sort of negotiation with the hackers concerning decryption or paying the ransom amount. For the sake of data security, victims may either download the Kovasoh decrypter tool or navigate to the removal guidelines for .Kovasoh File Virus.
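To scope the damage described above, here is an added triage example (not from the original article or any tool it mentions): a read-only Python script that inventories files carrying the .kovasoh suffix and “_readme.txt” notes under a directory, recovers each original file name, and reports the modification-time window of the encrypted files. The function names, report layout and sample tree are constructed for illustration; treating a file's modification time as the moment it was encrypted is an assumption.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".kovasoh"  # suffix appended to encrypted files, per the article
RANSOM_NOTE = "_readme.txt"    # ransom note file name, per the article


def scan_tree(root):
    """Read-only walk of `root`; summarises encrypted files and ransom notes."""
    report = {"encrypted": [], "notes": [], "original_types": Counter(),
              "first_mtime": None, "last_mtime": None}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == RANSOM_NOTE:
                report["notes"].append(path)
                continue
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            original = name[:-len(ENCRYPTED_SUFFIX)]  # image.jpg.kovasoh -> image.jpg
            ext = os.path.splitext(original)[1].lower() or "(none)"
            report["encrypted"].append((path, original))
            report["original_types"][ext] += 1
            try:
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable entry: still counted, just no timestamp
            if report["first_mtime"] is None or mtime < report["first_mtime"]:
                report["first_mtime"] = mtime
            if report["last_mtime"] is None or mtime > report["last_mtime"]:
                report["last_mtime"] = mtime
    return report


def build_sample(root):
    """Create a small constructed tree (empty files) to demonstrate the scan."""
    layout = {"docs": ["report.docx.kovasoh", "notes.txt", RANSOM_NOTE],
              "pics": ["image.jpg.kovasoh", "IMG2.JPG.KOVASOH", RANSOM_NOTE]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for i, name in enumerate(names):
            path = os.path.join(root, sub, name)
            open(path, "w").close()
            os.utime(path, (1_560_000_000 + i, 1_560_000_000 + i))  # constructed mtimes


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan_tree(tmp)
        print(len(result["encrypted"]), "encrypted;", len(result["notes"]), "notes")
        print(dict(result["original_types"]))
        print("mtime window:", result["first_mtime"], "-", result["last_mtime"])
```

To use it on real data, call scan_tree() with the root of the affected drive or a mounted image of it; the function only reads directory metadata and changes nothing.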
The family of the pernicious Kovasoh Ransomware is considered the most widespread file-encrypting virus. The reason behind this is the use of multiple distribution channels to spread the infection.
These channels help the hackers to increase the number of Kovasoh victims & the possibility of extracting colossal sums of money from them.
Amongst all the spread methods, the malvertising e-mail campaign is the most prevalent one.
Hackers send out a large number of infected & malware-laden e-mails. These e-mails tell the recipients about an undelivered package from a shipping service. The e-mail appears genuine as it contains the names of legitimate shipping services in the subject line.
Many users, out of curiosity, click on the infected e-mails, not realizing that they might contain something harmful. A mere click on the attachments/links specified in the e-mail installs Kovasoh File Virus on the system.
Other common distribution techniques that Kovasoh is using to proliferate are-
STEP A: Reboot your system to Safe Mode
If the system is already switched on, follow the steps below to restart it in Safe Mode with Networking:
5. Click on the username and enter the password (if any).
STEP B: Delete the suspicious key from the Configuration Settings
STEP C: Remove Malicious Program from Command Prompt
Once the system starts, make sure to use an account with administrative privileges to access Safe Mode with Command Prompt.
After the user enters admin credentials, a Command Prompt window is displayed in which you can enter the commands below:
STEP D: Restore the System Files & Settings
OR
OR
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.