Koolova ransomware lectures users on downloading unknown files

koolova-v2

In a rather bizarre twist to the ongoing saga that is ransomware infections, a new strain has been discovered that lectures users on the dangers of downloading unknown files from the Internet.

Dubbed Koolova, the ransomware is said to act like similar strains in that it will encrypt a victim’s files and then display a screen asking for a demand to be met. It’s complete with a countdown clock by which files on the infected computer are deleted if demands are not met in time.

That’s where the similarities end, though. Koolova then presents a splash screen lecturing the owner of the infected machine about the dangers of ransomware and then offering to release the now-encrypted files if they read two online articles about the dangers of ransomware and downloading of unsafe files.

If the two links are not clicked, the ransomware does deliver on its promise and deletes files on the infected machine, according to Bleeping Computer. Once both articles have been read, a “Decrypt My Files” button becomes available, which then connects to a Command & Control server to retrieve a decryption key. The key allows infected users to unlock their files.

The malware itself is described as being in “development,” so it’s unlikely to be running wild currently, but that is not to say that it soon couldn’t be. Because clicking through on the two links doesn’t remove it from a machine, using a ransomware removal tool is recommended.

Image courtesy of Bleeping Computer/Koolova designers