Ransomware developers work tirelessly to infect users around the world with new cryptovirological strains. In response, cybersecurity teams in every region proactively look out for new variants in order to devise ransomware removal solutions. In the latest cryptovirological discovery, a team of malware hunters has come across a new ransomware strain that goes by the name Cossy ransomware.
The preliminary inspection of the ransomware reveals that it is devised to target Russian users, since the ransom note that appears after encryption is written in Russian. Moreover, it has also been found that Cossy operators are using RSA 2048 encryption to lock down the files on the targeted computer. RSA 2048 is considered one of the most complex encryption schemes out there. This means that professional ransomware removal for Cossy ransomware will be quite a cumbersome task.
A Complex Game of Extensions
Every ransomware strain appends a particular extension to the files it encrypts to indicate that they are inaccessible. Cossy ransomware also appends unique extensions to the encrypted files. However, it follows an unexplained rule for that:
- The non-executable files are appended with the extension ‘link. Protected by RSA-2048’
- The executable files are appended with the extension ‘Protected by RSA-2048’
Security experts are still trying to find out the reason why Cossy operators use two different extensions for the encrypted files.
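The two markers above can be used to scope an infection from a file listing. The following is an added example, not code from the researchers or the original article; it assumes the marker text appears verbatim at the end of the file name after a `.` or space, and the sample paths are constructed.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Marker strings as quoted in the article. Longest first: the non-executable
# marker ends with the executable one, so match order decides the class.
MARKERS = [
    ("link. Protected by RSA-2048", "non-executable"),
    ("Protected by RSA-2048", "executable"),
]

def classify(path):
    """Return (kind, original_name) if the file name ends with a marker, else None."""
    name = PureWindowsPath(path).name
    for marker, kind in MARKERS:
        if name.lower().endswith(marker.lower()):
            # Assumption: '.' or a space separates the original name from the marker.
            return kind, name[: -len(marker)].rstrip(". ")
    return None

def triage(paths):
    """List marked files and count them per (directory, kind) to scope the damage."""
    hits, per_dir = [], Counter()
    for p in paths:
        result = classify(p)
        if result is None:
            continue
        kind, original = result
        hits.append((p, kind, original))
        per_dir[(str(PureWindowsPath(p).parent), kind)] += 1
    return hits, per_dir

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.link. Protected by RSA-2048",
    r"C:\Users\a\Documents\budget.xlsx.link. Protected by RSA-2048",
    r"C:\Users\a\Documents\notes.txt",
    r"C:\Tools\setup.exe.Protected by RSA-2048",
]

if __name__ == "__main__":
    hits, per_dir = triage(SAMPLE)
    for path, kind, original in hits:
        print(f"{kind:15} {original:15} <- {path}")
    for (folder, kind), count in sorted(per_dir.items()):
        print(f"{count} {kind} file(s) marked in {folder}")
```

Feed it the output of a recursive directory listing from the affected host or a backup snapshot; the recovered original names help match encrypted files to clean copies.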
It is also worth mentioning that Cossy operators offer free decryption of five files of up to 5 MB to prove that they have the complete ransomware removal solution. Moreover, they ask for 50 rubles (Russian currency) in Bitcoin to provide the decryption key.
Security experts and law enforcement entities always advise against the payment of ransom. The better way to deal with any cryptovirological attack is to rely on professional ransomware removal expertise instead of resorting to an extortion payment.