
Cossy Ransomware

Posted: December 27, 2018

The Cossy Ransomware is a variant of the 'grafimatriux72224733@protonmail.com' Ransomware, a file-locker Trojan that targets Russian PCs. Like the earlier threat, it uses a slow version of RSA encryption to block your files and sells the decryption solution through its Notepad ransom notes. Users should always back up their work to protect it, but free decryption services and proper anti-malware products may defend your media by unlocking files and deleting the Cossy Ransomware appropriately.

One Week Later, December Trojans Get a Re-Branding

Only days after the confirmation of the 'grafimatriux72224733@protonmail.com' Ransomware, a Russian file-locker Trojan that may be competing with Scarab Ransomware's family, a nearly identical update is appearing. Malware researchers are finding few significant feature changes between the new version, the Cossy Ransomware, and the 'grafimatriux72224733@protonmail.com' Ransomware, although it may be a bug fix. The new presence of a non-disguised 'Cossy.exe' executable component is the Cossy Ransomware's main feature of note.

The Cossy Ransomware and the 'grafimatriux72224733@protonmail.com' Ransomware both run a variant of RSA-only encryption for locking media files on Windows PCs, which can include the usual documents, images, archives, and other personal or professional data. The Cossy Ransomware may append any of several different extensions onto the file names, including English and Cyrillic ones. However, malware experts are finding that all of them include the 'RSA-2048' label.

Issues with how the encryption feature is set up (by using short block sizes of file data) may make the Cossy Ransomware take longer than most file-locker Trojans while it's locking files. Any users paying close attention during the procedure may identify and close the Cossy Ransomware in time, but they shouldn't count on the presence of any user interfaces, pop-ups or similar 'clues' of the attack. The Cossy Ransomware, like most file-locker Trojans, runs the feature through a background process that remains hidden until it locks the files and creates its Notepad ransom note.
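Since every appended extension carries the 'RSA-2048' label and the locking runs slowly, a filename sweep can show which folders have been reached and where 'Cossy.exe' sits. The script below is an added example, not part of the original article; the sample paths are constructed, and the matching rule (label anywhere after the first dot of the name) is an assumption.

```python
import os
import unicodedata
from collections import Counter

LABEL = "RSA-2048"          # label the article says every appended extension contains
DROPPER_NAME = "cossy.exe"  # non-disguised executable named in the article

def is_locked_name(filename):
    """True if the part after the first dot carries the label (assumed matching rule)."""
    # NFKC folds full-width look-alike characters; upper() makes the match case-insensitive.
    _, dot, suffix = unicodedata.normalize("NFKC", filename).upper().partition(".")
    return bool(dot) and LABEL in suffix

def triage(paths):
    """Return (locked-looking files per directory, paths named Cossy.exe)."""
    per_dir, executables = Counter(), []
    for path in paths:
        # Accept Windows and POSIX separators so a saved listing can be analysed anywhere.
        directory, _, name = path.replace("\\", "/").rpartition("/")
        if name.lower() == DROPPER_NAME:
            executables.append(path)
        elif is_locked_name(name):
            per_dir[directory] += 1
    return per_dir, executables

def walk(root):
    """Yield every file path under root, skipping directories that cannot be read."""
    for base, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            yield os.path.join(base, name)

# Constructed sample listing; the extension spellings are illustrative, not observed samples.
SAMPLE = [
    r"C:\Users\anna\Documents\report.docx.RSA-2048",
    r"C:\Users\anna\Documents\бюджет.xlsx.шифр_RSA-2048",
    r"C:\Users\anna\Documents\notes.txt",
    r"C:\Users\anna\Pictures\RSA-2048 lecture.pdf",   # label in base name only: not flagged
    r"C:\Users\anna\AppData\Local\Temp\Cossy.exe",
]

if __name__ == "__main__":
    counts, exes = triage(SAMPLE)  # on a live host: triage(walk("C:\\Users"))
    for directory, n in counts.most_common():
        print(f"{n:5d} locked-looking files in {directory}")
    for exe in exes:
        print("executable to quarantine and submit to AV:", exe)
```

A count that grows between two sweeps of the same folder indicates the background process is still running.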

Removing the Danger of Illicit Encryption from a Nation

Nearly all the details of the Cossy Ransomware's ransoming instructions, which ask for a ruble equivalent in Bitcoins, are Russia-specific. Malware experts, correspondingly, recommend that all Russian Windows users pay close attention to Cyrillic-based scams, such as spam e-mails and free download resources, that could assist with the Cossy Ransomware's circulation or installation. Business entities are equally at risk from attacks that break network logins by brute-forcing them, which is only possible with substandard passwords.

Backing up your work to another device is the first step in eliminating any bargaining power that a file-locker Trojan might exert. The Cossy Ransomware also belongs to the minority of such threats that are using a less-than-perfect encryption standard, and professional AV researchers may be capable of developing a free decryption solution for unlocking your files. In a protected environment, typical anti-malware programs should delete the Cossy Ransomware immediately and keep the payload's data-encrypting damage from occurring.

The Cossy Ransomware tries to make its threat actor seem reasonable by offering 'free' decryption under specific circumstances, along with other details like trial samples. Any users betting on a criminal's goodwill, however, will find that their files are better off being saved before, rather than after, such an easily-coded attack takes place.
