Kool Ransomware Encrypts Victim Data

While reviewing new malware samples, we found that Kool is a ransomware variant linked to the Djvu family. This malicious software encrypts files on the compromised system and appends the ".kool" extension to their filenames. It also creates a "_README.txt" file, which serves as the ransom note.

Kool appends its extension to the existing filename during encryption: "1.jpg" becomes "1.jpg.kool", "2.png" becomes "2.png.kool", and so forth. Given its association with the Djvu family, threat actors may also use information stealers such as Vidar or RedLine to gather data before the encryption process starts.

In the ransom note, victims are told that all their files, including images, databases, and documents, have been encrypted using a strong algorithm and key. According to the note, the only means of recovering these files is to purchase a decryption tool and obtain a unique key.

The note offers a 50% discount and provides two email addresses (support@freshingmail.top and datarestorehelpyou@airmail.cc) for communication. It stresses that victims must respond within 72 hours to get the reduced price for the decryption tools.
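The artefacts described above (the appended ".kool" extension, the "_README.txt" note and the two contact addresses) are enough to scope an incident on a file share. The following read-only triage script is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text above.
ENCRYPTED_SUFFIX = ".kool"
NOTE_NAME = "_README.txt"
NOTE_MARKERS = ("support@freshingmail.top", "datarestorehelpyou@airmail.cc")


def triage(root):
    """Walk root and report Kool artefacts without modifying anything."""
    report = {"encrypted": [], "notes": [], "untouched": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The suffix is appended, so stripping it yields the original name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report["encrypted"].append((str(path), original))
            elif lower == NOTE_NAME.lower():
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    text = ""
                # Record which contact addresses appear; none suggests an unrelated file.
                matched = [m for m in NOTE_MARKERS if m in text]
                report["notes"].append((str(path), matched))
            else:
                report["untouched"] += 1
    return report


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real samples."""
    docs = Path(root) / "docs"
    docs.mkdir()
    for name in ("1.jpg.kool", "2.png.kool", "notes.txt"):
        (docs / name).write_bytes(b"")
    (docs / NOTE_NAME).write_text("ATTENTION!\nsupport@freshingmail.top\n")
    (Path(root) / NOTE_NAME).write_text("unrelated project readme\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

A "_README.txt" with no matching contact address is listed with an empty match list, so an unrelated file of the same name is not counted as evidence of infection.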

Kool Ransom Uses New Djvu Ransom Note

The complete text of the Kool ransom note reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.

You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that's price for you is $499.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshingmail.top

Reserve e-mail address to contact us:
datarestorehelpyou@airmail.cc

Your personal ID:

How Can You Protect Your Data Against Ransomware?

Protecting your data against ransomware requires a combination of proactive measures and effective cybersecurity practices. Here are some essential steps you can take:

Regular Backups: Maintain regular backups of your important files and data. Backup copies should be stored securely, preferably offline or in a location inaccessible to ransomware attackers. Automated backup solutions can ensure consistency and reliability.

Update Software and Operating Systems: Keep your operating system, software, and security solutions up to date with the latest patches and updates. Vulnerabilities in outdated software can be exploited by ransomware attackers.

Install Antivirus and Antimalware Software: Use reputable antivirus and antimalware software to detect and block ransomware threats. Ensure that your security software is regularly updated and configured to perform real-time scanning of files and email attachments.

Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or clicking on links, especially if they are from unknown or suspicious sources. Ransomware attackers often use phishing emails to distribute malware.

Enable Firewall Protection: Activate and configure a firewall to monitor incoming and outgoing network traffic. A firewall can help block unauthorized access to your system and prevent ransomware from spreading across your network.

Implement Least Privilege Access: Limit user access privileges to only what is necessary for their roles and responsibilities. This can help minimize the impact of ransomware attacks by preventing unauthorized users from accessing sensitive data and systems.

March 15, 2024