Developers of ransomware this time around are trying educate their targets on the dangers of the very malware they are infecting the targets with. Enter Koolova ransomware, which will decrypt your files for free, but only if you educate yourself about ransomware by reading two articles on the matter. At this point this variant of ransomware is still being developed, but Lawrence Abrams over at BleepingComputer had a chance to play with it a bit. Essentially Koolova will encrypt a targets files and then displays a screen that will tell them they must read two articles before they can get a decryption key. If you fail to comply with this simply task, the malware will delete the files on your system. According to BleepingComputer they are not bluffing.
The two articles that Koolova wants you to read are from Google Security Blog, “Stay safe while browsing” and BleepingComputers’s own “Jigsaw Ransomware Decrypted: Will delete your files until you pay the ransom.” While this variant of Ransomware is not yet in the wild, it is still an interesting footnote in the malware’s history. It is a significant shift in the ways hackers will hold users for ransom.
We may start seeing a shift where hackers hold data ransom until a target performs an action, as a opposed to wanting a monetary sum. Having the target read an article about protecting themselves against ransomware isn’t that bad. However, it is not out of the realm of possibility that they start making targets perform more sinister acts. Eli has already touched base on the variant of ransomware that will let you decrypt your files if you infect others with the same malware. All in all a little knowledge on ransomware best practices goes a long way in preventing disaster.