Koovla Ransomware Urges Users to Read Up on Security

Written by

Security researchers have discovered an unusual ransomware variant which offers a decryption key not if victims pay up, but if they read two articles on how to stay safe from malware.

Discovered by self-styled “ransomware hunter” Michael Gillespie, the “Koovla” variant is still in development, according to Bleeping Computer’s Lawrence Abrams.

Once downloaded, it works similar to the Jigsaw ransomware family in loading text line by line on the user’s screen.

Then, bizarrely, it claims the user will gain access to the decryption key as long as they read two security articles: one from Google’s security team on how to stay safe online, and another from Bleeping Computer detailing the Jigsaw variant.

It states:

“In order for me to decrypt your files you must read the two articles below. Once you have click the ‘Get My Decryption Key’ button.

Then enter in your decryption key and click the ‘Decrypt My Files’ button. Eventually all of your files will be decrypted :)

If the timer reaches zero then all of your personal files will be deleted because you were too lazy to read two articles.

So User do you want to play a game?”

It’s unclear what the ransomware developer’s end goal is with this variant, although if it ever does make it into the wild it’s likely to contain some extra element to generate profits for the black hat.

As far as unusual ransomware families go, it’s up there with Popcorn Time.

Discovered last month, this ransomware has been designed to offer a free decryption key to any user prepared to send a malicious link to infect two of their contacts.

Ransomware is set to have another bumper year in 2017, although growth is likely to level out, according to Trend Micro.

The security vendor claimed in its 2017 predictions report that growth in the volume of new ransomware families discovered during the next 12 months would stand at 25%, with cybercriminals increasingly looking to generate bigger profits via things like Business Email Compromise (BEC) scams.

What’s hot on Infosecurity Magazine?