
Kovasoh Ransomware

Posted: August 8, 2019

The Kovasoh Ransomware is a file-locking Trojan from the family of the STOP Ransomware, which often, but not exclusively, targets Southeast Asia. The Kovasoh Ransomware's locking method uses AES and RSA encryption to keep documents and similar work content on your computer from opening, and the damage may be permanent. Users would be wise to establish secure backups to protect their files and can have dedicated anti-malware products delete the Kovasoh Ransomware as needed.

Another STOP Ransomware Offspring Crossing National Borders

The STOP Ransomware, a Ransomware-as-a-Service (RaaS) family, is, not very surprisingly, the culprit behind another campaign that's extorting money out of residents of Asia. Infections affecting multiple users are in India and Indonesia, with the different extension being the only symptom that makes the new Kovasoh Ransomware stand out from its all-too-frequent kin. Regrettably, the ongoing use of a traditionally secure encryption method means that victims aren't likely to ever get their files back to normal.

As usual, the Kovasoh Ransomware locks files with both AES and RSA encryption, which stops them from opening and secures the cryptography against reverse-engineering attempts. It also appends the unique string from its name to each filename as an extension but doesn't remove the preexisting one (for example, 'example-picture.jpg.kovasoh'). The RSA key is variable and can be either one that the Kovasoh Ransomware downloads or an internally-saved one, which it resorts to when it lacks a server connection.
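Because the original extension survives under the appended one, the damage can be scoped before restoring from backup. The following is an added example, not code from the original article: it inventories files carrying the `.kovasoh` extension, maps each to its original name, and reports the earliest modification time, assuming that time reflects when the file was rewritten. The function names and report fields are hypothetical.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = ".kovasoh"  # appended extension named in the article


def original_name(filename, marker=MARKER):
    """Return the pre-encryption name, or None if the file is not marked."""
    if not filename.lower().endswith(marker) or len(filename) == len(marker):
        return None
    return filename[: -len(marker)]


def inventory(root, marker=MARKER):
    """Walk root and summarise files that carry the appended extension."""
    hits, by_type, skipped, earliest = [], Counter(), [], None
    # onerror records directories os.walk could not read instead of hiding them
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: skipped.append(e.filename)):
        for name in files:
            orig = original_name(name, marker)
            if orig is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                skipped.append(path)
                continue
            # Original type, e.g. ".jpg" for example-picture.jpg.kovasoh
            by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
            hits.append((path, os.path.join(dirpath, orig)))
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"files": hits, "by_type": dict(by_type),
            "earliest_mtime": earliest, "skipped": skipped}


if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"affected files: {len(report['files'])}")
    for ext, count in sorted(report["by_type"].items()):
        print(f"  {ext}: {count}")
    if report["earliest_mtime"] is not None:
        when = datetime.fromtimestamp(report["earliest_mtime"], tz=timezone.utc)
        # Assumption: a backup snapshot taken before this time predates the damage
        print(f"earliest affected mtime (UTC): {when.isoformat()}")
    print(f"unreadable paths: {len(report['skipped'])}")
```

Run it read-only against a mounted copy of the affected volume; the script only lists files and never renames or modifies them.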

Interrupting the Kovasoh Ransomware's contact with its server is a possible but unlikely way of countering its payload and gaining a reasonable possibility of free decryption for restoring the affected content. Since the Kovasoh Ransomware may show no symptoms of any note while its encryption routine is running, the opportunities for doing so are, however, sparse. Malware experts recommend depending on established security programs for identifying file-locking Trojans like the Kovasoh Ransomware, whose family is widely detectable.

Breaking the Chains Around Digital Media

Preventing infections always remains better than cleaning up the file damage and loss of information that results from most Trojans' attacks. However, file-locking Trojans from the STOP Ransomware family add further weight to the case for stopping the Trojan at the outset. Users who don't do so will be unable to open any documents, images, or other content that the Kovasoh Ransomware encrypts, and paying the ransom it demands in a related text file may make no difference. Successful recovery of securely-encrypted media from the STOP Ransomware variants averages five percent.

Ransomware-as-a-Service hires itself out to third-party criminals, who can distribute their customized version of the Trojan in any way they wish. However, throughout iterations of this family, such as the Masok Ransomware, the Tocue Ransomware, the Pidom Ransomware, or the Moresa Ransomware, malware experts find some common themes. Many infection attempts take advantage of misinformed consent from victims who believe that they're downloading software updates, cracks, or illicitly-distributed movies.

Most users can protect themselves by avoiding illicit or unofficial sources when downloading new files. If they do experience an attack, anti-malware products should block or delete the Kovasoh Ransomware on sight.

The STOP Ransomware's new kin has few surprises in store for anyone familiar with the old editions. What makes the Kovasoh Ransomware special is less its features and more the long-term, high-activity interest in extorting money by abusing those without backups.
