Kostya Ransomware

Posted: October 11, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 91
First Seen: October 11, 2016
OS(es) Affected: Windows

The Kostya Ransomware is a data-encrypting Trojan that encrypts files to extort money from the PC's owner. Like similar threats, Kostya Ransomware infections are recognizable by symptoms including high-visibility ransom messages and an inability to open any encoded content. If you don't use anti-malware tools to terminate or delete the Kostya Ransomware preemptively, your best recourse for data restoration is most likely restoring from a backup, rather than paying the fee.

Seeing What's Behind the Lockdown on Your Screen

In the recent past, Trojans dedicated to ransom-based campaigns often stopped at blocking the victim's screen and demanding their fee. Modern iterations of similar threats, such as the Kostya Ransomware, almost always include other attacks, such as file encryption, which they may launch alongside or instead of the earlier screen-locking features. The Kostya Ransomware incorporates both techniques into its campaign, making the Trojan an immediate threat to your local data as well as your essential PC usability.

The Kostya Ransomware currently targets Czech-speaking PC owners, using a distribution model that malware researchers are still identifying. Similar campaigns most often spread through e-mail or other spam messages, but the Kostya Ransomware may also be installed through brute-force attacks against server machines or similar exploits. After installation, the Kostya Ransomware begins encrypting the contents of your C drive, excluding essential Windows directories. Victims may note that there are no symptoms of the attack as it occurs, although the Trojan doesn't target drives other than C.

With its data encryption concluded and your data blocked, the Kostya Ransomware then launches a borderless HTML pop-up that blocks the entire desktop interface. This pop-up delivers a Czech-language ransom message that includes archetypal elements of such modern tactics: time limits before the deletion of the decryption key, interactive payment-processing fields, and recommendations on how to use anonymous currency transactions like Paysafecard.

The Discount Way of Escaping a Kostya Ransomware Attack

While the Kostya Ransomware combines different features to hold your PC and its contents hostage effectively, its attacks do include various limitations that make it easier to circumvent than similar threats. Since the Kostya Ransomware doesn't target network-mapped drives, peripheral devices, or secondary hard drives, PC operators can use these sources to boot their systems through Safe Mode and avoid triggering the screen-locking pop-up. Although any encrypted content is still locked, you can use backups from the previously noted sources to recover your data with no need to pay the Kostya Ransomware's authors.

However, most PCs benefiting from standard anti-malware protection should block this threat before it can encode and damage any of your files. Since decryption may be impossible, malware experts also recommend keeping backups that can be restored whenever the original sources are beyond any hope of being repaired. Paying for a Kostya Ransomware decryptor, regardless of any imposed time restrictions, should always be avoided in all but the most extreme scenarios.

While the Kostya Ransomware may seem to render its victims all but helpless regarding system accessibility, it is just as vulnerable to previously established security measures as similar Trojans like the Petya Ransomware. PC owners who aren't treating their systems with extreme carelessness, such as by opening e-mail attachments before scanning them, are not likely to be put in a position where paying the Kostya Ransomware fee becomes necessary.
