COSANOSTRA Ransomware

Posted: January 31, 2019

The COSANOSTRA Ransomware is a variant of the GarrantyDecrypt Ransomware, a file-locking Trojan that keeps your digital media from opening. Since there is no freeware decryption tool for this Trojan, users will need backups to recover their data under most circumstances. A majority of anti-malware programs can delete the COSANOSTRA Ransomware or prevent infections securely.

Keeping All Your Files in 'the Family'

The GarrantyDecrypt Ransomware family, while one of the smaller groups of file-locking Trojans, has been a viable threat to Windows users' media throughout 2018. Changes to its ransoming messages are now accompanied by changes to the appended extensions, as the COSANOSTRA Ransomware shows. While this threat's updates are surface-level, they also demonstrate that some threat actors are not giving up on a previously-proven business strategy.

The COSANOSTRA Ransomware's family uses both a static key and a secondary, custom RSA-based one. This encryption method lets the COSANOSTRA Ransomware and other versions of the GarrantyDecrypt Ransomware block different media types quickly and securely, keeping users from opening their Word documents, JPG pictures, music, databases and other content. The only change malware experts find outside of its ransom note is the previously-mentioned extension, which, in the COSANOSTRA Ransomware's case, references the notorious Italian-American Mafia.

While some versions of the same Trojan are notable for their wild divergences in ransoming instructions, the COSANOSTRA Ransomware's message is straightforward and traditional. It demands that the victim pay in Bitcoins, but doesn't provide a price or a wallet. It does, however, give an e-mail address for the negotiations. Since the criminals could always take the money and not return a decryptor, malware experts suggest not paying if at all possible.

Combating the Modern Crime Gang from Your Computer

While malware researchers continue determining how the COSANOSTRA Ransomware spreads, users should continue taking proper precautions against the already-confirmed strategies of most file-locking Trojans' campaigns. Tricking victims into opening e-mail attachments, using exploit kits running through script-enabled websites, brute-forcing logins and seeding corrupted torrents are proven infection vectors. Because there is no free decryption solution for the COSANOSTRA Ransomware and other GarrantyDecrypt Ransomware members, backups are the best way of preserving any information that might suffer from encryption.

Some other areas of security that all users should invest in include:

  • Changing any default, simple or overused passwords to prevent criminals from logging in remotely.
  • Monitoring their ports, RDP settings, and other network features for possible vulnerabilities.
  • Avoiding e-mail attachments that come from unverified sources, especially ones using document-based formats that harbor notable vulnerabilities.
  • Refraining from downloading pirated works and related content such as keygens.
  • Disabling Web-browsing features that are exceptionally risky on unknown sites, including JavaScript and Flash.

Nearly all anti-malware products continue experiencing minimal difficulties with removing the COSANOSTRA Ransomware, although malware analysts caution that most brands will be detecting it as a general or heuristic threat.

As the year continues, old families of Trojans may see some reassessment by their authors, but the COSANOSTRA Ransomware, for the moment, is still going strong.
