Home Malware Programs Ransomware Coot Ransomware

Coot Ransomware

Posted: October 29, 2019

The Coot Ransomware is a file-locking Trojan that's part of the STOP Ransomware or Djvu Ransomware's family. The Coot Ransomware appends its extension onto files' names after locking them using encryption and asks for money through ransom notes. Paying the ransom doesn't unlock anything automatically, however, and users should depend on backup solutions combined with anti-malware services that can remove the Coot Ransomware safely.

Just an Old Coot after Your Money

As propagation-heavy as the STOP Ransomware's family business is, there remains room for more versions of it in the wild, as the Coot Ransomware's campaign shows. This threat is one of the latest to become identifiable to the cyber-security industry, after a long lineage following variants like yhe Nols Ransomware, the Bora Ransomwar, the Boot Ransomware, and the seminal Djvu Ransomware. While the Coot Ransomware is newer than all of them, its philosophy for attacks and motivations are the same as always.

Like other, equally-new variants, the Coot Ransomware isn't compatible with freeware decryption services that are for older versions of the STOP Ransomware. It uses the AES encryption for locking files, which forms the primary basis of its attacks, and bolsters it with additional security from a downloadable RSA algorithm. However, it also can function, albeit less effectively, without contacting its server.

With the locking process having sabotaged the user's documents and other media, the Coot Ransomware proceeds with other supporting elements. These features include erasing backups, adding 'coot' strings into filenames, and leaving behind text ransom messages, according to the STOP Ransomware's traditional template. Malware experts also find many members of the family capable of causing other issues, such as installing spyware or blocking your browser's websites, although such details aren't confirmable in the Coot Ransomware, so far.

Stopping the Trojans that will not Stop on Their Own

Attacks by the Coot Ransomware are capable of locking most non-OS-based files on a PC relatively quickly, and not necessarily with any symptoms until afterward. Furthermore, current members of its family also are predisposed towards distributing threats that collect credentials, such as passwords, which could escalate infections to traverse the rest of a network or provide sellable data on the black market. Finally, the Coot Ransomware is capable of erasing default, local backups for Windows systems.

Because of these dangers, malware experts recommend various defenses specific to the Coot Ransomware's family, especially, but also relevant to most Trojans that use encryption. Responsible password management can prevent infections and limit the distribution of Trojans through brute-forcing. Saving backups to other devices will offer a better solution for restoring content than the ransom, which the Coot Ransomware threat actor may take without giving anything back.

As a last effort, most anti-malware programs can remove the Coot Ransomware and file-locking Trojans of a similar ancestry automatically.

The Coot Ransomware is part of a family that's staving off its age by updating routinely. Users who don't update their backups just as often may find themselves in the rock and a hard place situation of extortion versus lost files, even if it's their fault.

Related Posts