
'cottleakela@protonmail.com' Ransomware

Posted: January 28, 2019

The 'cottleakela@protonmail.com' Ransomware is a file-locking Trojan that targets business networks with the non-consensual encryption of their data. The added '.locked' extensions and 'README-NOW.txt' ransom notes are some, but not necessarily all, of the symptoms of its attacks. Users should disregard any ransoming advice from the threat actor, have a dedicated anti-malware tool delete the 'cottleakela@protonmail.com' Ransomware, and revert to their last good backup.

A Trojan Exploiting the Companies Forgetting Their Best Admin Practices

Joining the various 'independent' threats of the month, such as the James Ransomware and the Enc1 Ransomware, the 'cottleakela@protonmail.com' Ransomware is just in time for the end of January. Unlike most of the samples of unknown file-locking Trojans that malware experts identify, however, the 'cottleakela@protonmail.com' Ransomware shows strong signs of being live and already attacking its targets. The threat actors favor the business sector in their file-locking crimes, which solicit Bitcoins without a set price.

Verifiable victims in its campaign include an IT consultancy firm in the United Kingdom, which is the apparent source of one of the digital certificates that the 'cottleakela@protonmail.com' Ransomware uses for concealing its identity. The revocation of the certificate, however, should trigger appropriate alerts from security products, and malware experts see no corresponding updates to the 'cottleakela@protonmail.com' Ransomware, for now.

The 'cottleakela@protonmail.com' Ransomware uses an unknown encryption algorithm for enciphering different media types on the PCs that it compromises, including documents, audio, and databases, along with other formats. It also adds '.locked' extensions to their names, which makes the 'cottleakela@protonmail.com' Ransomware heavily reminiscent of some competition, such as the AndreaGalli Ransomware, the HT variant of Deos Ransomware, and some versions of the Stampado Ransomware.
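An added triage sketch (not code from the original page): it walks a directory tree for the two symptoms named above, '.locked' extensions and 'README-NOW.txt' notes, and rates a directory as likely only when both appear, since '.locked' alone is shared with other families. The function names, the verdict labels and the use of file modification times as a proxy for encryption time are assumptions of this example.

```python
import os
from collections import defaultdict

LOCKED_EXT = ".locked"        # extension named on this page
NOTE_NAME = "README-NOW.txt"  # ransom note name named on this page

def triage(root):
    """Return {directory: finding} for directories showing either symptom."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                hits[dirpath]["note"] = True
            elif lower.endswith(LOCKED_EXT):
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                hits[dirpath]["locked"].append(mtime)
    report = {}
    for d, h in hits.items():
        times = h["locked"]
        if times and h["note"]:
            verdict = "likely"      # both symptoms in the same directory
        elif times:
            verdict = "ambiguous"   # '.locked' is also used by other families
        else:
            verdict = "note-only"   # note present, no renamed files here
        report[d] = {
            "verdict": verdict,
            "locked_count": len(times),
            "first_mtime": min(times) if times else None,
            "last_mtime": max(times) if times else None,
        }
    return report

def encryption_window(report):
    """Seconds from earliest to latest '.locked' mtime across 'likely' dirs.
    Assumption: mtime approximates when each file was encrypted."""
    likely = [r for r in report.values() if r["verdict"] == "likely"]
    if not likely:
        return None
    return max(r["last_mtime"] for r in likely) - min(r["first_mtime"] for r in likely)

if __name__ == "__main__":
    import sys
    found = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d, r in sorted(found.items()):
        print(r["verdict"], r["locked_count"], d)
    print("window (s):", encryption_window(found))
```

A short window across many directories is consistent with an automated encryption run and helps pick which backup predates it.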

Taking the Cost-Effective Way Around a Ransom

Protecting your network from the 'cottleakela@protonmail.com' Ransomware should employ the same steps that malware researchers recommend against nearly all types of file-locking Trojans:

  • Use secure passwords to block brute-force attacks that might guess your login credentials.
  • Close ports that you don't need open to defend against casual, port-scanning style infections.
  • Never leave Remote Desktop features enabled by default, since they serve as significant vulnerabilities for remote attackers.
  • Update your software regularly to acquire any security fixes, especially if using widely popular platforms like WordPress.
  • Instruct your employees on the dangers of opening unsafe e-mail attachments, including specifics such as the risks behind enabling Word's 'macro' feature.

While there is currently no solution to the 'cottleakela@protonmail.com' Ransomware's encryption, users can safely take advantage of the 'free demonstration' that the threat actors provide. Doing so could give essential cryptographic information to cyber-security researchers for developing a separate decryptor. Ideally, however, your anti-malware protection should stop all attacks and remove the 'cottleakela@protonmail.com' Ransomware automatically.

Although the 'cottleakela@protonmail.com' Ransomware pretends that it's a Windows host process, the disguise is not likely to need to persist for any longer than the duration of the encryption attack. Since such an attack is often no more than minutes or even seconds long, businesses should back up their work and protect their servers with all due diligence.
