Do you know what Cossy Ransomware is?
Cossy Ransomware is most likely a Russian malicious file-encrypting application. Since everything from the extension the threat adds to its encrypted files to the text documents left on the infected system are written in the Russian language. Nonetheless, based on how much the hackers ask for a ransom and on the ransom note itself, we believe Cossy Ransomware could be a test version or just a joke. Thus, we do not think its developers are putting a lot of effort into its distribution. However, if you were one of the unlucky ones, who received this malicious application, we encourage you to read the rest of this article to learn more about it. Also, at the end of the text, those who need help with the threat’s deletion can find our provided removal guide that shows how to erase the infection manually.
For starters let us explain how Cossy Ransomware could be spread if its developers are distributing it at all. In most cases, ransomware applications are carried to victims’ computers via phishing attacks, for example, by sending fake email messages, urging to open the attached file. Of course, later on, it appears the attachment was not what the email message claimed it would be, and the user realizes he accidentally opened a malicious installer.
To prevent such mistakes, we highly recommend not to run data received from suspicious sources, and to determine it; users should always check the sender’s line. If it has grammatical mistakes, looks random, or the sender’s email address is not what it should be (e.g., the scammers could send email while pretending to represent some organization you know), you ought to be extra careful with it. It would be safest not to open questionable data or at least scan it with a reputable antimalware tool first. Also, we advise doing this to data downloaded from untrustworthy sources, e.g., file-sharing web pages.Cossy Ransomware screenshot
Scroll down for full removal instructions
According to our computer security specialists, Cossy Ransomware encrypts all files found on the system except data located in the following directories: %WINDIR%, %PROGRAMFILES%, %PROGRAMFILES(x86)%. It is hard not to notice the files were encrypted as each affected file receives a second extension called .Защищено RSA-2048, for example, flowers.jpg.Защищено RSA-2048. Also, the threat is supposed to drop a ransom note called Как все эту шалашкину контору расшифровать.txt. The message in it says the malware’s is a greedy person and wishes to be paid before providing tools for decryption.
The strangest part is the asked sum is less than 1 US dollar, and the cybercriminals offer to decrypt up to 5 files smaller than 5MB free of charge. It would take to infect and convince a lot of users to accumulate a substantial sum, worth of all the efforts, which is why we doubt the hackers’ intentions. On the other hand, if the cybercriminals do not intend to scam their victims, it is possible Cossy Ransomware could be made as a joke or a test, in which case we doubt it will be widely distributed.
One way or the other if you come across Cossy Ransomware, we would recommend not to take any chances and erase it at once. The instructions located below the text will explain how to remove the malicious application manually. Naturally, if you do not think you can handle the task, you could install a reliable antimalware tool instead.
Erase Cossy Ransomware
- Click Ctrl+Alt+Delete simultaneously.
- Pick Task Manager.
- Take a look at the Processes tab.
- Locate a process associated with this malicious program.
- Select this process and tap the End Task button.
- Click Windows Key+E.
- Navigate to the suggested paths:
%TEMP%
%USERPROFILE%Desktop
%USERPROFILE%Downloads - Find a file launched when the system got infected, right-click the malicious file and select Delete.
- Locate the malware’s ransom notes (Как все эту шалашкину контору расшифровать.txt); right-click them and press Delete.
- Close File Explorer.
- Empty Recycle bin.
- Restart the computer.
In non-techie terms:
Cossy Ransomware is a threat that ruins user’s data by encrypting with a secure encryption algorithm. As a result, the victim can no longer open his files. The only way to get the files back is to decrypt them, but in order to do so, it is essential to have specific decryption tools. Cybercriminals may offer them for a particular price, but usually, we do not recommend putting with their demands because you never know what their true intentions are. What we mean to say, is paying a ransom could be a waste of your money if the hackers behind the malware may decide to scam you. In this case, the ransom note suggests the malicious application could be either a joke or the cybercriminals plan to trick their victims as asking such a small amount of money like 1 US dollar is strange and unusual. Therefore, we recommend those who encounter this infection not to take any chances and erase it instead of contacting the hackers. The removal guide available above this paragraph can help you get rid of it manually.