How to remove Koom ransomware

Koom ransomware is a file-encrypting piece of malware that comes from the Djvu/STOP ransomware family. This ransomware adds .koom to encrypted files, which is how it can be identified. Other than the extension it adds to encrypted files, it’s very similar to the other Djvu/STOP versions. Unfortunately, decryption of files is currently impossible without purchasing the decryptor from cybercriminals. But paying the demanded $980 for the decryption tool is also not recommended, as it does not guarantee file recovery.

 

 

Koom ransomware is the latest threat to come from the Djvu/STOP ransomware family, which is already responsible for releasing infections like Hoop, Muuq, Wiot, and Aeur. These ransomware infections are all more or less identical. However, they do add different file extensions to encrypted files, which is how they can be differentiated from one another. Koom ransomware adds .koom, hence why it’s called that. An encrypted image.jpg file would become image.jpg.koom. The majority of your personal files will have this extension, including photos, videos, documents, images, etc. Since personal files are usually most valuable to users, they are the primary ransomware targets. You will not be able to open these files unless you first use a decryptor on them. The _readme.txt ransom note dropped in all folders containing encrypted files will explain how to get the decryption tool. Unfortunately, the cybercriminals operating this ransomware are demanding $980 in ransom or $490 if contact is made within the first 72 hours. manager@mailtemp.ch and managerhelper@airmail.cc are given as the contact email addresses.

For users without a backup, purchasing the decryptor may seem like the best option. However, paying comes with its own risks, which you should be aware of before making a decision. Above all, you should know that paying does not necessarily mean you will get a decryptor. You are dealing with cybercriminals, and there are no guarantees that you will actually be sent a decryptor after paying. Many victims have paid in the past only to receive nothing in return. Even if you are sent a decryptor, it will not necessarily work.

If you diligently backed up your files prior to the ransomware infection, you should be able to recover them without issue. However, you first need to make sure to remove Koom ransomware from your computer. If the infection is still present when you connect to your backup, backed-up files may become encrypted as well. To make sure the ransomware is fully gone, use reliable anti-malware software.

While not available at this time, a free Koom ransomware decryptor may be released in the future. Software developer Emsisoft does offer a free Djvu/STOP decryptor but it only works on versions that used offline keys to encrypt files. The decryptor will not work on versions released after August 2019, including Koop, because they use online keys for file encryption. That means that the keys are different for each victim, and a universal decryptor is not possible without those keys. However, it’s not uncommon for malware operators to release the keys when they close shop, so a free Koop ransomware decryptor is not impossible. We recommend you back up encrypted files and check NoMoreRansom for a decryptor from time to time.

Ransomware distribution methods

Ransomware that targets random users rather than specific targets usually uses methods like email attachments, torrents, malicious ads, etc., to infect computers. Thus, users with bad habits (e.g. opening random email attachments) are at much higher risk of picking up an infection. If you take the time to develop better habits, you will be able to avoid many malware infections in the future.

It’s no secret that torrents are one of the most common ways users pick up infections. You are likely already aware of this but torrent sites are often badly moderated, which means that malicious actors can post malicious content disguised as torrents for movies, video games, TV shows, software, etc. If you use torrents to pirate, you are not only essentially stealing content but also putting your computer and your data in jeopardy.

Malicious spam, or malspam, is a very common way malicious actors spread their malware. If you receive malicious spam in your inbox on a regular basis, your email address has likely been leaked or part of a data breach. There’s not much you can do about that, apart from not opening the malicious email attachments that would infect your computer. Fortunately, unless the emails target someone specific, they’re pretty generic and easily recognizable. They are often made to appear like they’re official correspondence from a company whose services you use. But the sender’s email addresses would look random and unprofessional. Furthermore, the emails themselves are usually full of grammar and spelling mistakes, and they put pressure on the receiver to open the attached file by claiming it’s an important document. How the email addresses you can also clue you in on whether it’s actually from a legitimate company. If an email from a company whose services you use addresses you in generic terms like User, Member, Customer, etc., it’s most likely malspam. Companies will always use your name when emailing you because it would seem unprofessional otherwise. Lastly, no matter how legitimate an email may look, it’s a good idea to always scan email attachments with anti-virus software or VirusTotal.

Koom ransomware removal

Ransomware is a very complicated infection, which is why you should not attempt to remove Koom ransomware manually. Instead, use anti-malware software. Once you delete Koom ransomware from your computer, you can start recovering files from backup. However, you should be very careful to fully get rid of the ransomware because otherwise, backed-up files would become encrypted when you access your backup.

If you don’t have backup and cannot recover your files, back up the encrypted files and wait for a free decryptor to become available. While it will not necessarily be released, there are no other options left. And be very careful when searching for free decryptors because there are many malicious ones you could encounter. NoMoreRansom is a safe source to get your decryptors from, as are software developers like Emsisoft.