
KOK8 Ransomware

Posted: August 28, 2018

The KOK8 Ransomware is a variant of the AES-Matrix Ransomware, a file-locking Trojan that keeps your media hostage until you pay its ransom. Symptoms of infection include filenames overwritten with an ID number-based template, files that no longer open because they were encrypted without your consent, the deletion of local restore points, and new text documents containing ransoming demands. Let your anti-malware products remove the KOK8 Ransomware safely from your computer and use non-compromised backups for restoring any files, as needed.

Trojans Keeping Your Files from Making Sense

A prominent characteristic of almost any file-locker Trojan, and one that is sometimes helpful to the victims, is the recurring use of filename markers for noting what content it's attacking, along with delivering related ransoming information. The KOK8 Ransomware, a new build of the AES-Matrix Ransomware that's similar to last year's Relock Ransomware, shows most of the drawbacks and benefits of this small feature. While the encryption that blocks files is the focal point of most file-locking Trojans, their potential for obscuring what types of media they're locking is equally inconvenient.

The KOK8 Ransomware uses an AES-based algorithm for blocking files without the user's permission, an attack which may target Word or PDF documents, ZIP or RAR archives, JPG or BMP pictures, and other media, with little discrimination. Although many file-locker Trojans will add extensions to tag what they block, the KOK8 Ransomware writes over the entirety of the name and uses the field for displaying the 'KOK8' string, an ID number and an e-mail address. This feature also wipes out the preexisting extension, which could keep users from identifying what kind of content is captive.
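As an added example (not part of the original article, and not code from any anti-malware vendor), the following Python triages a file listing for names that carry all three elements described above and groups the hits by directory, which helps an incident responder scope which shares were touched. The exact order and separators of the template are not given here, so each element is matched independently; the ID length, the function names and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: only the three elements of the new name are known ('KOK8',
# an ID number, an e-mail address), not their order or separators, so each
# is searched for independently anywhere in the file name.
MARKER = re.compile(r"KOK8", re.IGNORECASE)   # case-insensitive by choice
ID_NUMBER = re.compile(r"\d{4,}")             # assumed: ID is 4+ digits
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def looks_renamed(name: str) -> bool:
    """True when a file name contains the marker, an ID and an e-mail."""
    return all(rx.search(name) for rx in (MARKER, ID_NUMBER, EMAIL))

def triage(paths, min_hits=2):
    """Count matching names per directory; keep dirs with >= min_hits.

    A single hit can be a coincidence; several in one directory is the
    pattern worth escalating. Accepts '\\' or '/' separated paths.
    """
    hits = Counter()
    for p in map(PureWindowsPath, paths):
        if looks_renamed(p.name):
            hits[p.parent.as_posix()] += 1
    return {d: n for d, n in hits.items() if n >= min_hits}

# Constructed listing, not taken from a real infection.
SAMPLE_LISTING = [
    r"D:\finance\[KOK8]-0012345678-[helpdesk@example.com]",
    r"D:\finance\[KOK8]-0012345679-[helpdesk@example.com]",
    r"D:\finance\budget_2018.xlsx",
    r"D:\hr\KOK8_meeting_notes.docx",                 # marker only
    r"D:\hr\contact-jane@example.com-20180828.vcf",   # e-mail and digits only
]

if __name__ == "__main__":
    for directory, count in triage(SAMPLE_LISTING).items():
        print(f"{directory}: {count} files match the renaming pattern")
```

Because the original extension is gone and the content is encrypted, a match only tells you where to look; what each file used to be has to come from backups or file-server metadata.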

While the KOK8 Ransomware creates an RTF document that contains its ransoming demands for the decryption service, malware experts recommend attempting other solutions first. Paying threat actors for a decryption service is a highly unreliable means of recovering data, since most payment choices in use by these campaigns, such as the Bitcoin cryptocurrency, have limited refund support.

Clearing Out the Matrix of the Wrong Numbers

Variants of the AES-Matrix Ransomware may use different infection methods, but the most recent ones include both Remote Desktop hackings and the abuse of exploit kits, which rely on outdated or undiscovered ('zero-day') software vulnerabilities for loading their drive-by-download attacks. PC users in general, and network administrators especially, should monitor their login credentials for weaknesses, be careful around e-mail attachments, and install all security-oriented updates for their software whenever possible. Attempts at installing the KOK8 Ransomware may not require the victim's consent, misinformed or otherwise.

Users can expect that any local backups, as well as non-secure, network-available ones, are either deleted or encrypted during KOK8 Ransomware infections. For maximizing the security of your backups, malware analysts advise saving them to drives that you leave detached or secured by robust login combinations. Anti-malware products of most brands should delete the KOK8 Ransomware safely, but free decryption support for its family is of limited availability.

Next to incredibly large and much-shared families like the Globe Ransomware or the Jigsaw Ransomware, small competitors like the KOK8 Ransomware are forgettable. Its lesser distribution isn't, however, a sign that its attacks are any less likely to damage your media than those of the rest of the Ransomware-as-a-Service industry.
