Remove Cosacos Virus Ransomware (+.Cosacos File Recovery)

.Cosacos File

Ransomware cryptovirus infections are a common online threat that attacks many users on a daily basis. The most typical trait of those infections is that they use a process known as data encryption to render the files on the infected machine inaccessible – this allows the hackers controlling the Ransomware to demand a ransom payment from their victims. The money is typically requested in BitCoin – the use of this infamous cryptocurrency allows the hackers to keep their anonymity, since money transactions made through BitCoins are virtually untraceable to regular users. A key thing to understand if a Ransomware infection gets a hold of your files is that the consequences of the attack may not always be fully reversible. Still, this definitely doesn’t mean you shouldn’t try to mitigate the negative effects of the attack.

The .Cosacos virus

After the ransomware is done encrypting your files, it will leave a _readme.txt file with instructions.

 Cosacos is the Ransomware cryptovirus infection that is the reason for writing the current post – it is a new and particularly unpleasant piece of malware that uses a highly sophisticated encryption code to lock up the files of the people whose computers it attacks. Such encryptions are really difficult to break even for a professional malware security expert. There are many people out there working day and night to break the encryptions of newer cryptoviruses like Cosacos in order to develop working decryptor tools. However, it takes a lot of time and effort to create a single such tool for only one Ransomware. At the same time, new Ransomware infections like Cosacos or Nelasod get created on a daily basis, which means there’s always a number of cryptoviruses with no corresponding decryptor tools for them. On our site, you can find a list of decryptors for some of the most popular Ransomware threats. We try to update the list with the latest decryptor additions so that our users can find and use them.

Why not simply pay the ransom?

The main problem with the payment is the uncertainty of it. Even if you leave aside the fact that the money sum demanded for the files’ decryption could be quite high and that not everyone may have the opportunity to make such a payment, there is still the risk of sending the sum and not getting anything in exchange for it. The hackers behind threats like Cosacos are not to be trusted – after all, they are the people responsible for your files’ decryption. They could easily decide that sending you the key is not something they are going to do. Furthermore, what’s the guarantee that such a key even exists? Oftentimes, there is none.

An alternative to the .Cosacos file encryption

The ransomware will encrypt your files and add .Cosacos extension to them.

We cannot promise that if you follow the alternative we are about to present you with, you will bring all of your data back. Still, it is worth giving it a try. The first thing you’d need to do is remove the virus – the guide below and the linked removal tool will help you with that. Then, you can go to the next section of the guide to see some recovery suggestions as well as visit our list of Ransomware decryptors and try some of them.

Cosacos SUMMARY:

Name: Cosacos
Type: Ransomware
Danger Level: High (Cosacos Ransomware encrypts all types of files)
Symptoms: Cosacos Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.
Distribution Method: Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.

Remove Cosacos Ransomware 

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Cosacos

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 


If you see any IP addresses there (below Localhost), send them to us here in the comments, since they might be coming from Cosacos.
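One way to carry out the check in step 3 without reading the file by eye, as an added PowerShell example that is not part of the original guide: it parses the hosts file and prints every active entry other than the standard localhost mappings. The function name Get-HostsEntry is hypothetical, and the script only reads the file.

```powershell
# Added example, not part of the original guide. Read-only: the hosts file is not modified.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    # Hypothetical helper: turns raw hosts-file lines into one object per host name.
    param([string[]]$Line)
    foreach ($raw in $Line) {
        # Everything after '#' is a comment; skip lines that are empty once it is removed.
        $text = ($raw -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        # Entry format: <address> <name> [<alias> ...], separated by spaces or tabs.
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address  = $fields[0]
                HostName = $name
                # Only localhost pointing at a loopback address is treated as expected.
                Expected = ($name -eq 'localhost' -and $fields[0] -in '127.0.0.1', '::1')
            }
        }
    }
}

# A default Windows hosts file contains only comment lines, so every row printed
# here was added by something after installation and is worth reviewing.
Get-HostsEntry -Line (Get-Content -LiteralPath $hostsPath) |
    Where-Object { -not $_.Expected } |
    Format-Table -AutoSize
```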


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK, as there could be a link between them and Cosacos.
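The "unknown manufacturer" check in step 4 can be made concrete by reading the digital signature of each startup program, shown here as an added PowerShell example that is not part of the original guide. It lists startup entries (registry Run keys and Startup folders) with the signer of the target file and flags targets that run from the user-writable folders named in step 6; it changes nothing, and the output column names are chosen for this example.

```powershell
# Added example, not part of the original guide. Read-only: no entry is disabled or deleted.
# Folders any user-level program can write to; a startup item here deserves a closer look.
$userDirs = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP | Where-Object { $_ }

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path = $null
    # Pull the executable path out of the command line, quoted or not.
    if ($_.Command -match '^\s*"?(.+?\.exe)') {
        $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }

    # Read the Authenticode signature only when the target file can be found.
    $sig = if ($path -and (Test-Path -LiteralPath $path)) {
        Get-AuthenticodeSignature -LiteralPath $path
    }

    [pscustomobject]@{
        Name        = $_.Name
        Location    = $_.Location          # registry key or Startup folder the entry came from
        Path        = $path
        Signature   = if ($sig) { $sig.Status } else { 'Unresolved' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        FromUserDir = [bool]($path -and ($userDirs | Where-Object {
                          $path.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase) }))
    }
} | Sort-Object Signature, Name | Format-List
```

Entries whose Signature is not Valid, or whose FromUserDir is True, are the ones to compare against the Startup list before disabling anything.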

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Cosacos

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Cosacos Ransomware. As for the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
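To decide what counts as "most recent" in step 6, the following added PowerShell example (not part of the original guide) uses the oldest file carrying the .Cosacos extension as a reference time and lists what was created or changed in the five locations around that time. The scan root, the three-day margin and the extension list are assumptions; the script only lists items and deletes nothing.

```powershell
# Added example, not part of the original guide. Read-only: nothing is deleted.
$scanRoot   = $env:USERPROFILE   # assumption: where to look for encrypted files
$windowDays = 3                  # assumption: margin before the first encrypted file
$scriptExt  = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'

# The oldest write time among *.Cosacos files approximates when encryption began.
$first = Get-ChildItem -LiteralPath $scanRoot -Recurse -File -Force -Filter '*.Cosacos' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime |
    Select-Object -First 1
$anchor = if ($first) { $first.LastWriteTime } else { Get-Date }
$cutoff = $anchor.AddDays(-$windowDays)

# The five locations from step 6; TEMP usually sits inside LocalAppData.
$locations = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir, $env:TEMP |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

$recent = foreach ($root in $locations) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Location   = $root
                Name       = $_.Name
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
                # Executables and scripts dropped at the top level get the first look.
                Executable = (-not $_.PSIsContainer) -and ($scriptExt -contains $_.Extension.ToLower())
            }
        }
}

"Reference time: $anchor (items shown are newer than $cutoff)"
$recent | Sort-Object Modified -Descending | Format-Table -AutoSize
```

If no .Cosacos file is found under the scan root, the reference time falls back to the current time, so the list covers only the last three days.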

7: Cosacos Decryption

The previous steps were all aimed at removing the Cosacos Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Author:
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.
