The Kodc Ransomware is a file-locker Trojan that blocks media files while demanding a ransom payment. This Trojan is a variant of the STOP Ransomware, a well-known Ransomware-as-a-Service, and is currently targeting Turkish users, although its payload isn't necessarily location-specific. Most users can adequately protect themselves through responsible backup practices and anti-malware tools that delete the Kodc Ransomware on sight.
Attention Turkey: Your Digital Media Is Still on the Line
The STOP Ransomware, or Djvu Ransomware, is a family with a wide-roaming history, including campaigns against victims of opportunity in Asia, North America, Europe and the Middle East. Turkey is one recurring hotbed for such attacks, as shown by the SIFRELI Ransomware, the Grod Ransomware, the Cosakos Ransomware and others. The Kodc Ransomware appears as one of the newer releases of the Ransomware-as-a-Service for 2020, with victims already asking for help that third-party researchers are unable to give them. This RaaS uses secure cryptography, and victims without backups can gamble on the ransom or lose all their work.
Despite its unlucky Turkish recipients, the Kodc Ransomware uses English in its payload, and its attacks don't discriminate by borders. Like most of its relatives, it can block files with AES and RSA encryption, and does so to lock content of likely ransoming value, such as documents, databases, pictures, music and compressed archives. The extension that it adds to their names ('kodc') is, as is traditional for this family, a randomly-chosen string that lets victims identify which content is unusable without the decryptor that restores it.
The Kodc Ransomware also drops what malware experts identify as a copy-paste of previous STOP Ransomware ransom notes in TXT format. This Notepad file provides different addresses but keeps the same standards as before, including requests for nearly one thousand USD in Bitcoins and links to a video 'overview.' It also contains a three-day deadline, although victims should reconsider paying, since criminals don't always honor their obligation to provide a working decryption service.
Outsmarting Middle Eastern Extortion Attacks
The Kodc Ransomware's Ransomware-as-a-Service is recognizable for successful attacks against small businesses and individuals in Indonesia and similar Asian countries. However, the Kodc Ransomware is a notice that other nations, no matter how far away, are equally at risk from these file-locking Trojans. In most circumstances, victims accidentally invite the assault through unsafe administrative or Web-browsing practices, including downloading illicit torrents or using insecure passwords. Poor RDP and port configurations are also par-for-the-course infection vectors.
Decryption solutions for the STOP Ransomware family are only effective against old versions with less-secure cryptographic functions. Without a leak of keys or similarly-privileged information, it remains improbable that users could ever get their files 'unlocked' with a third party's help. This unfortunate reality means that users should back their work up onto other devices so that they can restore it in case of a Kodc Ransomware attack.
Anti-malware products also remain highly useful against file-locking Trojans from all families, including this one. Presuming they're available, they should block or remove the Kodc Ransomware without trouble.
As the Kodc Ransomware starts the next chapter in the STOP Ransomware's long story, it's up to the victims to tell how it ends. Only withholding their money can put a stop to this Black Hat business – even if the cost comes in files.