Delete Cosd ransomware

Cosd ransomware comes from the Djvu/STOP malware family. It’s file-encrypting malware that adds .cosd to encrypted files, hence why it’s known as Cosd ransomware. Encrypted files will not be openable unless they are first decrypted but the cyber criminals behind this ransomware are the only ones with the decryptor.


The Djvu/STOP malware family has been releasing ransomware versions left and right for the past couple of years, with hundreds of versions already in the wild. Cosd ransomware is the most recent version, with Qlkm, Pola, Wbxd and Coos among the recent ones as well. While they are basically identical, they all add different extensions to encrypted files. This one adds .cosd, hence why it’s named Cosd ransomware.

Once it’s inside a computer, it will immediately start encrypting documents, videos, photos, etc. Once files are encrypted, you will not be able to open them unless you first use a decryptor on them. However, the only ones with the decryptor are the cyber crooks operating this ransomware. And they will not be generous enough to just give it to you. As explained in the ransom note (_readme.txt) dropped once file encryption is complete, you would need to pay a $980 ransom to get the decryptor. But the thing about ransomware operators is that they are cyber criminals, and expecting them to keep their end of the deal just because you pay may be somewhat naive. Countless users paid in the past but received nothing in return so be aware if you make the decision to pay.

Unfortunately, it’s currently not possible to decrypt files for free. Malware researchers are able to develop free decryptors, and one for old Djvu/STOP ransomware versions is available. However, it will not work for newer versions like Cosd because they use online keys to encrypt files. That means that all victims have different keys, and without those keys, developing a decryptor that would work for everyone is not possible. Law enforcement may release those keys if they ever catch the operators, or the cyber crooks may do that themselves, so a free decryptor being developed is not out of the realms of possibility.

If you have a backup of your files, you should have no trouble with file recovery. However, you should first make sure to delete Cosd ransomware, and you need to use anti-virus software for that. If the ransomware is still present when you access the backup, it would encrypt those files as well. If you don’t have a backup, a free future decryptor may be your only option. If that is the case, back up encrypted files and wait for a decryptor to become available.

Ransomware distribution methods

Ransomware can get into a computer via a variety of ways, including malicious email attachments, torrents, malicious ads, etc. If you have bad browsing habits, you’re much more likely to pick up some kind of malware infection. Thus, we would strongly recommend you learn better habits.

Malspam is one of the most common ways malware can enter a computer. Malicious actors purchase email addresses from hacker forums and proceed to spam them with malspam. So if your email address has ever been leaked, you likely receive spam on a regular basis. The spam is harmless as long as you don’t open the malicious attachments. However, if you do open them and enable macros when prompted, you would be allowing the malware to run. Fortunately, the malspam is usually pretty obvious. The spam is sent from random email addresses, despite the sender usually claiming to write with official business. The malspam itself would also be full of grammar and spelling mistakes. But some malspam may be more sophisticated. Thus, it’s strongly recommended to scan all unsolicited email attachments with anti-virus software or VirusTotal before opening them.

Torrenting can also often lead to a malware infection. Torrent sites are often full of all kinds of malware because of how poorly they are moderated. So it’s very easy for malicious actors to upload malware disguised as popular movies, TV series, games or software. Avoid pirating, if not because it’s stealing content, then because it’s dangerous for your computer.

Lastly, it’s very important to install updates as they come out. System updates patch known system vulnerabilities, which could otherwise be used by malware to get in. It’s highly recommended to enable automatic updates.

How dangerous is Cosd ransomware?

The first sign of the ransomware being present is a fake Windows update window. The fake window will say that it’s “installing important updates Windows” while encrypting your files in the background. It will target your photos, videos, documents, etc. All encrypted files will have the .cosd extension added to them. For example, text.txt would become text.txt.cosd. You likely already noticed this but you will not be able to open the encrypted files unless you first use a decryptor on them. But the only people with the decryptor are the cyber criminals operating this ransomware.

As soon as the encryption process is complete, a _readme.txt ransom note will be dropped in all folders containing encrypted files. The note is essentially identical to the ones dropped by other versions of this ransomware. It explains that files are encrypted, and that it’s possible to decrypt them only with a special decryptor. That is, unfortunately, true. The malicious actors operating this ransomware will try to sell it to you for $980, or $490 if you make contact within the first 72 hours. They also offer to decrypt one file for free, as proof that they can. However, we always warn users that just because they can does not mean they necessarily will. A lot of users paid the ransom in the past but received nothing in return. Keep in mind that you are dealing with cyber criminals, and they are unlikely to feel any kind of obligation to help you.

If you have a backup of the encrypted data, you should have no trouble recovering files, provided you first remove Cosd ransomware from the computer. However, if you don’t have a backup, your only option may be to back up encrypted files and wait for a free decryptor to become available.
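
To decide which files can be restored and which encrypted copies need to be kept for a possible future decryptor, it helps to inventory the damage first. The following Python script is an added example, not part of the original article: it only reads the file system, finds files ending in .cosd and _readme.txt notes, and checks a backup folder for each file's original name. The function names, the `live`/`backup` folder layout and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".cosd"      # extension this variant appends (from the article)
RANSOM_NOTE = "_readme.txt"  # ransom note file name (from the article)

def inventory(root):
    """Map each affected folder (relative to root) to its encrypted files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if encrypted or note:
            report[os.path.relpath(folder, root)] = {"encrypted": encrypted, "note": note}
    return report

def split_by_backup(root, backup_root):
    """Return (restorable, keep_for_decryptor) lists of original relative paths.

    A file is restorable when the backup holds a copy under its original name,
    i.e. the encrypted name with the appended extension stripped.
    """
    restorable, keep = [], []
    for rel_folder, info in sorted(inventory(root).items()):
        for name in info["encrypted"]:
            original = os.path.normpath(os.path.join(rel_folder, name[:-len(ENCRYPTED_EXT)]))
            target = restorable if os.path.isfile(os.path.join(backup_root, original)) else keep
            target.append(original)
    return restorable, keep

def build_sample(base):
    """Constructed sample: a tiny 'infected' tree and a partial backup."""
    live, backup = os.path.join(base, "live"), os.path.join(base, "backup")
    for path in ("live/docs/text.txt.cosd", "live/docs/_readme.txt",
                 "live/pics/photo.jpg.cosd", "live/pics/_readme.txt",
                 "live/clean/notes.txt", "backup/docs/text.txt"):
        full = os.path.join(base, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed placeholder\n")
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        restorable, keep = split_by_backup(live, backup)
        print("restore from backup:", restorable)
        print("keep encrypted copy for a future decryptor:", keep)
```

As the article notes, connect the backup only after the ransomware has been removed, so the check against the backup folder belongs after the anti-virus cleanup.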

Cosd ransomware removal

You will need to use anti-virus software to remove Cosd ransomware because it’s a complex malware infection. We do not recommend trying to delete Cosd ransomware manually because that could end up causing even more damage. Once the ransomware is no longer present, you can access your backup and start file recovery immediately.
