Remove Cosakos Virus Ransomware (+ .Cosakos File Recovery)

.Cosakos File

.Cosakos Virus in Depth

.Cosakos Virus
Once the .Cosakos Virus is finished with encrypting your files you will find this message.

Ransomware cryptoviruses such as Cosakos are some of the most dangerous computer infections that you can encounter online. Dealing with them can be very challenging, yet, there is no need to let the panic take you over. The main problem with the Ransomware-based infections is the fact that they don’t harm anything on the system and, thus, the security programs rarely can detect them. Unlike most other computer threats, such as Trojans or Rootkits who usually do some significant damage, these pieces of malware just apply a special encryption to the files, stored in the system without damaging them. In this way, infections like Cosakos, Nvetud or Mogranos prevent the victims from accessing their information and ask them to pay a ransom (usually in BitCoins) in order to regain their access. Another factor that plays a great role when it comes to surprising the victims is the stealthiness of the Ransomware. Such malware can sneak inside the system with the help of many infection methods, including through the distribution of spam, malicious email attachments, fake software update requests, infected ads and more. On top of that, in many cases, it may not be possible to reverse the effects of their attack successfully.

To access the encrypted information, you would need to apply a special decryption key, which can reverse the applied encryption. This key, however, is kept at the server of the attackers who stay behind the Ransomware and they will ask you to pay a certain amount of money for it. They will display a ransom-demanding notification on your screen with instructions on how to make the payment.

Professional malware researchers all around the web, who try to combat Ransomware infections, advise the victims of this blackmailing software not to give their money to the hackers. The strongest reason for that is the fact that the online crooks simply cannot be trusted. They may easily trick you into paying the ransom by promising that they will help you get your files back and then simply disappear without sending you nothing. Even if you follow every step of their ransom-payment instructions, there is no guarantee that you will get the decryption key. Not to mention that, in the event you do get one, there is no proof that it will work. The only thing that is for sure is that your money will be gone and there will be no refund, regardless of whether you get your data back or not.

Can the .Cosakos file encryption be broken?

.Cosakos File
A screenshot of an enrypted .Cosakos File.

In case your audios, videos, images, documents and other personal files have been encrypted by Cosakos, our suggestion is to take a look at the Removal Guide below. It contains instructions on how to remove the Ransomware both manually or with the help of a professional removal tool, as well as some file-recovery suggestions. If you have backups, you can use them as well. Keep in mind though, that the effectiveness of the alternative methods may vary from case to case. Therefore, a 100% success in file-recovery cannot be guaranteed in all the cases.


Name Cosakos
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.

Remove .Cosakos Ransomware

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Cosakos

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

hosts_opt (1)

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Cosakos.


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Cosakos , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Cosakos

Type each of the following locations in the Windows search box and hit enter to open the locations:






Delete everything you see in Temp linked to Cosakos RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Cosakos Decryption

The previous steps were all aimed at removing the Cosakos Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Leave a Reply

Your email address will not be published. Required fields are marked *