Kolz ransomware is file-encrypting malware, another member of the Djvu/STOP ransomware family. It adds the .kolz extension to all encrypted files and drops the _readme.txt ransom note.
Kolz ransomware is malware that encrypts files. It’s part of the Djvu/STOP malware family, which releases new versions on a regular basis; there are currently more than 200 versions. Once this malware encrypts files, users will be unable to open them unless they are decrypted first. The ransomware will drop the _readme.txt ransom note, which will explain that users can purchase the decryptor for $980, or $490 if they make contact within the first 72 hours. Unfortunately, without that decryptor, file decryption is not currently possible.
Paying the ransom may be the only option for some users. However, we feel it’s necessary to warn users that paying the ransom is not necessarily a good idea. Paying does not guarantee that files would be decrypted, as there is always a chance that the cyber crooks behind this ransomware will simply not send the decryptor. It has, unfortunately, happened in the past. Furthermore, paying only encourages these cyber crooks to continue their malicious activities.
Backup is currently the only way to recover files for free. If users had backed up files prior to the infection, they can start file recovery as soon as they remove Kolz ransomware from their computers.
Users should also be aware that there are many dubious sources offering decryptors for Kolz ransomware. Those decryptors could actually be disguised malware. A legitimate free Kolz ransomware decryptor is not yet available, but if there were one, it would be released by anti-virus vendors like Emsisoft, or NoMoreRansom.
Ransomware distribution methods
Users with bad browsing habits often end up infecting their computers with malware. They open spam email attachments without thinking twice, click on ads when on high-risk websites, download torrents and use software cracks.
Spam emails with attachments are commonly the cause behind a ransomware infection. Cyber criminals launch spam email campaigns using leaked email addresses they purchase from hacking forums, and attach malicious files to those emails. It’s enough to open the malicious file for the ransomware to initiate. But if users learn to recognize malicious emails, they should have no issue differentiating them from legitimate ones. First of all, spam and malicious emails are often sent from email addresses made up of a random combination of letters and numbers. This is an immediate giveaway. Malicious emails are also often full of grammar and spelling mistakes, for some reason. Overall, these kinds of emails are pretty easy to spot, as long as users don’t rush into opening attachments. But since some emails may be more sophisticated than others, it’s recommended to scan all unsolicited email attachments with anti-virus software or VirusTotal.
Users who use torrents to pirate content also risk picking up ransomware. Torrent sites and forums are largely unregulated, which allows cyber criminals to easily upload disguised malware. Malware is often concealed in torrents for popular movies, TV shows, games, software, etc.
Kolz ransomware encrypts important files
Once users initiate the ransomware, it begins file encryption. Like all ransomware, it primarily targets photos, videos and documents. Encrypted files will have the .kolz extension added to them, which is why this ransomware is known as Kolz ransomware. As soon as file encryption is completed, users will notice a _readme.txt ransom note in all folders containing encrypted files.
Here is the full ransom note Kolz ransomware drops:
Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:
The ransomware demands that users pay $980 for the decryptor, or $490 if they make contact within the first 72 hours. However, as we said above, paying the ransom may not be the best idea, as it does not guarantee that a working decryptor will be sent. Countless users were left with encrypted files and lost money in the past.
This means that backup is the only way to recover files at the current moment. If users have backed up files prior to their files becoming encrypted, they should have no issues with file recovery once they remove Kolz ransomware.
Users who have no backup have the option of backing up encrypted files and waiting for anti-virus vendors and malware researchers to release a free decryption tool.
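For users who keep the encrypted files while waiting for a decryptor, the following added example (not part of the original article) inventories affected folders by the two indicators described above, the .kolz extension and the _readme.txt note, and copies the encrypted files to a separate location with the folder layout preserved. The function names and the sample tree are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".kolz"  # extension the article says is appended
NOTE_NAME = "_readme.txt"   # ransom note name from the article

def inventory(root):
    """Map each affected folder to its .kolz files and whether the note is present."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower().endswith(ENCRYPTED_SUFFIX):
            report.setdefault(path.parent, {"files": []})["files"].append(path)
    for folder, entry in report.items():
        entry["note"] = (folder / NOTE_NAME).is_file()
    return report

def original_name(path):
    """File name before the extension was appended (photo.jpg.kolz -> photo.jpg)."""
    return Path(path).name[: -len(ENCRYPTED_SUFFIX)]

def archive_encrypted(root, dest):
    """Copy encrypted files to dest, keeping the folder layout; sources are untouched."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    if root == dest or root in dest.parents:
        raise ValueError("archive destination must be outside the scanned tree")
    copied = []
    for entry in inventory(root).values():
        for src in entry["files"]:
            target = dest / src.relative_to(root)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)
            copied.append(target)
    return copied

def demo():
    """Build a constructed sample tree (not real malware output) and scan it."""
    base = Path(tempfile.mkdtemp()).resolve()
    root, dest = base / "home", base / "archive"
    (root / "Pictures").mkdir(parents=True)
    (root / "Pictures" / "photo.jpg.kolz").write_bytes(b"constructed")
    (root / "Pictures" / NOTE_NAME).write_text("constructed note")
    (root / "report.docx.KOLZ").write_bytes(b"constructed")
    (root / "clean.txt").write_text("untouched")
    return root, inventory(root), archive_encrypted(root, dest)

if __name__ == "__main__":
    print(demo()[1])
```

A folder that holds .kolz files but reports `note: False` is still affected; the note check only helps confirm which folders the ransomware finished processing.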
Kolz ransomware removal
Users should only attempt to delete Kolz ransomware with anti-malware software. If they try manual Kolz ransomware removal, they may end up doing even more damage.
Kolz ransomware is detected as:
- Trojan.GenericKD.34558336 by BitDefender
- Win32:MalwareX-gen [Trj] by Avast/AVG
- Trojan.GenericKD.34558336 (B) by Emsisoft
- A Variant Of Win32/Kryptik.HGGJ by ESET
- HEUR:Exploit.Win32.Shellcode.gen by Kaspersky
- Trojan.MalPack.GS by Malwarebytes
- Ransom:Win32/STOP.BS!MTB by Microsoft