Koolova Ransomware Decrypts Files If You Read 2 Cybersecurity Articles

January 18, 2017 - Uncategorized
Koolova Ransomware Decrypts Files If You Read 2 Cybersecurity Articles


Ransomware is a kind of computer malware that disables users from accessing their PC or selected files in their systems until a certain amount of money is paid as “ransom.”

The user’s computer is typically held hostage by the ransomware by preventing the usage of the computer’s screen or by totally disabling the system until the full ransom has been paid.

This malware infects most computer systems through Trojans or worms and proceeds to compromise the security of the system and all the files on the computer.

Koolova, The new type of ransomware

There is a new type of computer malware called Koolova that infiltrates the database of computer systems.

Once infiltrated, Koolova encrypts files on the user’s computer, thus completely disabling the user from accessing the encrypted files.

Unlike most computer malware that demands to be paid a certain amount as ransom, this type of malware does no such thing.

This computer malware has been designed in such a way that it only gives you the decryption key once you have read two informative articles on cybersecurity.

The “nice” version of Jigsaw Ransomware

An illustration of Jigsaw ransomware virus.

Koolova is a ransomware that was discovered by Michael Gillespie, a cyber-security researcher.

The ransomware makes itself known as the “nice” version of another ransomware known as the Jigsaw ransomware.

The reason why it labels itself as nice could be due to the fact that it does not demand to be paid huge amounts of cash as ransom like other types of ransomware before it decrypts the files it has encrypted in the first place.

Rather, it requires the user of the affected computer to read two articles on cybersecurity. The articles are intended to teach the user about cybersecurity and how to browse safely on the internet.

One of the articles is a Google blog post titled “Stay Safe while browsing.” The second article is “Jigsaw Ransomware decrypted: Will delete your files until you pay the ransom.”

Failure to read the two articles provided by Koolova ransomware will result in the affected files being wiped out by the ransomware once the timer reaches zero.

Koolova ransomware, therefore, does not just issue empty threats to its victims.

Upon successfully reading the two informative articles on cybersecurity, the ransomware then provides the decryption key for the victim to be able to decrypt the files affected by the Koolova ransomware. Koolova ransomware makes the icon labeled “Decrypt My Files” available to the victim.

Upon clicking on the icon, this malware then issues the decryption key from the command and control database.

After the user reads the articles provided by the malware, a box called “Nice Jigsaw,”(labeled after the Jigsaw Ransomware) is revealed, providing the decryption key to the user and requires the victim to use the decryption key to recover the encrypted files.

Creators of ransomware are coming up with new malware every day to keep people on their toes and mindful of what sites they visit on the internet.

On many occasions, ransomware invades a computer when a user simply opens an infected link or unknowingly browses a website that has been hacked by the ransomware criminals.


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.