
Coharos Ransomware

Posted: August 14, 2019

The Coharos Ransomware is a file-locking Trojan whose primary symptom is blocking standard file formats, such as your documents or pictures, from opening. It also delivers ransom messages, changes file extensions, deletes some backups and may install spyware. Users should delete the Coharos Ransomware safely with anti-malware utilities before recovering their media from a backup or a third-party decryptor.

The STOP Ransomware's Next Stop is in South America

Infection vectors of an unknown type are serving file-locking Trojans to victims in Argentina, and possibly in other nations around the world. This update to the STOP Ransomware family carries a version number that malware researchers have yet to identify and uses the brand name Coharos Ransomware. However, little has changed about how it attacks files: it wields encryption as a blunt weapon against the victim's digital media.

The fundamental operations of the Coharos Ransomware's payload remain the same as those of its recent and older ancestors, such as the Todar Ransomware, Promorad2 Ransomware, Grovat Ransomware or Guvara Ransomware variants. It uses both AES and RSA encryption to lock files and targets media formats such as pictures and documents, among others. The second key it uses can be either dynamic or static, depending on whether it can reach a remote server at the time of the attack.

Other symptoms that malware experts consider typical of Coharos Ransomware infections include:

  • The Coharos Ransomware can delete backups held in the Windows Shadow Volume Copies or Restore Points by running standard CMD commands.
  • The Coharos Ransomware changes the extensions of the files it captures, appending its own extension, 'coharos', to their names.
  • The Coharos Ransomware's family also uses a variant of the standard Notepad ransom message of the STOP Ransomware family. This ransom note demands payment without specifying the details, other than giving addresses for negotiating, which malware experts recommend ignoring.
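
As an added example (not the article's own code or any vendor's tool), the following Python triage helper inventories files carrying the 'coharos' extension described in the list above, recovering each file's original format and the directories hit, and flags shadow-copy deletion commands in process-creation log lines; the file paths and log lines are constructed samples, and the specific CMD commands matched are an assumption, not something the article names.

```python
"""Triage helper for a STOP/Coharos-style infection: added example code,
not the article's own tool. All sample data below is constructed."""
import re
from collections import Counter
from pathlib import PureWindowsPath

LOCKED_EXT = ".coharos"  # extension the article reports being appended

# Constructed sample file listing (not real victim data).
SAMPLE_FILES = [
    r"C:\Users\ana\Documents\invoice.docx.coharos",
    r"C:\Users\ana\Pictures\family.jpg.coharos",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\Desktop\budget.xlsx.coharos",
]

# Constructed sample process-creation log lines (not from a real host);
# the shadow-copy commands shown are assumed, the article names none.
SAMPLE_PROCESS_LOG = [
    r"2019-08-14 10:02:11 pid=4120 cmd=cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
    r"2019-08-14 10:02:15 pid=4130 cmd=C:\Windows\System32\notepad.exe",
    r"2019-08-14 10:03:40 pid=4188 cmd=wmic.exe shadowcopy delete",
]

# Heuristic: any command line mentioning both a shadow copy and a delete.
SHADOW_DELETE = re.compile(r"shadow.*delete|delete.*shadow", re.IGNORECASE)


def locked_files(paths):
    """Return (path, original_extension) for every file ending in LOCKED_EXT."""
    found = []
    for p in paths:
        if p.lower().endswith(LOCKED_EXT):
            original = PureWindowsPath(p[: -len(LOCKED_EXT)])  # strip '.coharos'
            found.append((p, original.suffix.lower()))
    return found


def summarize(paths):
    """Count locked files per original format and per directory."""
    hits = locked_files(paths)
    by_ext = Counter(ext for _, ext in hits)
    by_dir = Counter(str(PureWindowsPath(p).parent) for p, _ in hits)
    return {"total": len(hits), "by_ext": dict(by_ext), "by_dir": dict(by_dir)}


def shadow_copy_deletions(log_lines):
    """Return the log lines whose command line looks like a shadow-copy deletion."""
    return [line for line in log_lines if SHADOW_DELETE.search(line)]


if __name__ == "__main__":
    print(summarize(SAMPLE_FILES))
    print(shadow_copy_deletions(SAMPLE_PROCESS_LOG))
```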

Getting the STOP Ransomware Business to Stop for Real

The most effective means of curbing the further growth of the Ransomware-as-a-Service industry is attacking the profit end of its business model. Victims can reject all ransom-related overtures and, if necessary, seek assistance from third-party cyber-security specialists with cryptography experience. As a more reliable way of recovering lost content, malware experts strongly endorse secure backup strategies, including cloud services or removable storage drives. Decryption isn't always possible, regardless of whether the threat actor provides help after getting paid.

The STOP Ransomware family often uses fake download resources to find its way onto vulnerable computers. Users should be careful around torrents and other uncurated download resources, especially ones trafficking in illicit content like game keygens. Some attacks also arrive with bundlers that may drop other threats besides the Coharos Ransomware, such as password-collecting spyware or adware.

Most anti-malware programs will identify variants of this family on sight. Uninstalling the Coharos Ransomware with dedicated anti-malware tools can prevent further attacks but will not restore your encrypted media, which still requires decryption or another recovery method.

As the Coharos Ransomware washes up on Argentina's coast like a poisonous jellyfish, it stings the data that users aren't bothering to protect appropriately. When automated backups are so readily available, the excuse of forgetting to schedule them becomes difficult to justify, especially in the face of a Trojan's ransom.
