We've seen a high number of ransomware in the past year, each with their own nuances, but with a common purpose: encrypt files and demand money from the victim. While many opt to not pay, some still decide to risk it and pay the cybercriminals to have their files decrypted.
Today, a new variant of the infamous crypto-malware has been discovered. Discovered by security researcher Michael Gillespie, 'Koolova' is a new in-development ransomware. Once a victim's system has been encrypted, it will display a ransom note claiming itself to be the nice version of the Jigsaw ransomware.
Why is it claiming to be that, you ask? Instead of demanding a large amount of money from victims, it will only ask the victim to read two articles regarding computer security and staying safe on the internet. One of these is Google's "Stay safe while browsing" blog post, while the other is Bleeping Computer's "Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom."
If they successfully read the provided material, only then they will be provided the decryption key. Don't take Koolova too lightly, however; if it sees that you are "too lazy" to read the articles, and the provided timer goes down to 0, it will delete all the affected files.
Once the victim has finished the two articles within the provided time, the ransomware will provide the decryption key. This will successfully unlock encrypted files, ultimately freeing the computer from the ransomware attack.
Back in June 2016, another "friendly" ransomware was discovered, called "EduCrypt." While it encrypted a user's files, it also provided the decryption key for free, telling victims to "not download random s*** on the internet" as a takeaway lesson from the experience.
While it is indeed interesting to see ransomware developers creating malware that "teach" victims a lesson, it always pays to be careful about what we do on the internet, and not have to learn things the hard way.
Source: The Hacker News