What is Koxic Ransomware
Discovered by Tomas Meskauskas, Koxic is a ransomware infection that operates by encrypting data stored on the PC. In other words, the majority of files like photos, videos, music, and documents will be blocked by the virus to prevent users from accessing them. All encrypted files also get a new .KOXIC or .KOXIC_PLCAW extension. This means an encrypted file like 1.pdf will change to 1.pdf.KOXIC or 1.pdf.KOXIC_PLCAW. The same pattern is applied to all other data encrypted by the ransomware. After finishing encryption, the virus creates a text note that explains ransom instructions (WANNA_RECOVER_KOXIC_FILEZ_PLCAW.txt).
Hello, all your important files are encrypted and sensitive data leaked.
To decrypt your files and avoid other unpleasant things you need to buy special decryption tool.
Contact us via koxic@cock.li or koxic@protonmail.com and tell your UserID.
This is the only way to decrypt your files and avoid public disclosure of data .
Do not try to use third party software (it may corrupt your files).
We respect black market rules. We can confirm the ability to decrypt your files (and of course the evidence of the leak ),
Send us several unimportant files (do not try to deceive us).
Your UserID (send it to us for decryption):
{redacted}
These instructions state that victims should contact the developers via the koxic@cock.li or koxic@protonmail.com e-mail addresses and provide their personal ID. This ID can be found at the end of the ransom note. If no ID is visible, there is a chance that the version of Koxic Ransomware that infiltrated your system is still under development and being tested. After establishing contact with the cybercriminals, you will be given further instructions to buy the decryption tool for unlocking your data. In addition, Koxic developers say they can publish your data on black markets if you refuse to follow their requests. Depending on whether you are an individual or a business user, Koxic developers may set different prices for decryption. Usually, this sum can vary from hundreds to thousands of dollars, making most victims break a sweat. Whatever the case, trusting cybercriminals is always a risk, as they can fool you and not send any decryption tools even after the ransom is paid. For now, the best way to recover your data is by using backup copies, if such were created and stored on external devices prior to the infection. Trying decryption tools from third-party vendors is also an option, but nobody can guarantee your files will eventually be decrypted and safe. Encryption ciphers used by ransomware infections may be very sophisticated, which makes their decryption an arduous challenge. Despite this, Koxic Ransomware has to be removed from your system to prevent further encryption and spread to neighboring networks. Follow our guide below to do this and learn about potential recovery methods that can restore your data.
How Koxic Ransomware infected your computer
Before moving on to distribution techniques, it is worth mentioning that ransomware researchers have found that Koxic Ransomware may bring the Azorult Spyware, which is a trojan that collects passwords, credentials, and other important data. Koxic itself and other infections of a similar type are usually spread through a variety of channels like fake software cracking tools and updates, e-mail spam messages with malicious attachments or links, backdoors, keyloggers, unreliable software, and many other suspicious vectors. Statistically, most ransomware infections happen when users open fake e-mail messages that contain attached files in .docx, .pdf, .exe, .zip, .rar, or .js formats. Downloading and opening these files may be a huge risk because they may be scripted to install malware. This is why e-mail services have filtering algorithms that sort unwanted messages into the “Spam” folder. In most cases, successful installations of malware capitalize on inexperienced and careless users who download whatever they see on the web. This is why it is advised to stay alert while downloading files or browsing content on the Internet. Below, we have prepared a full-fledged guide to help you with the removal of Koxic Ransomware as well as protection against similar threats in the future.
- Download Koxic Ransomware Removal Tool
- Get decryption tool for .koxic files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Koxic Ransomware
Download Removal Tool
To remove Koxic Ransomware completely, we recommend using Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Koxic Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove Koxic Ransomware completely, we recommend using SpyHunter 5. It detects and removes all files, folders, and registry keys of Koxic Ransomware. The trial version of SpyHunter 5 offers a virus scan and 1-time removal for FREE.
Koxic Ransomware files:
WANNA_RECOVER_KOXIC_FILEZ_PLCAW.txt
{randomname}.exe
Koxic Ransomware registry keys:
no information
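The file indicators above can be used to scope the damage before any recovery attempt. The following is an added example, not part of the original guide or of any vendor tool: a read-only inventory of files carrying the .KOXIC / .KOXIC_PLCAW extensions and of ransom notes. Case-insensitive matching, the function names and the sample tree are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the page; case-insensitive matching is an assumption.
ENCRYPTED_SUFFIXES = (".koxic_plcaw", ".koxic")
RANSOM_NOTE = "wanna_recover_koxic_filez_plcaw.txt"

def original_name(filename):
    """Return the pre-encryption name if filename carries a Koxic suffix, else None."""
    lower = filename.lower()
    for suffix in ENCRYPTED_SUFFIXES:
        if lower.endswith(suffix) and len(filename) > len(suffix):
            return filename[: -len(suffix)]
    return None

def triage(root):
    """Walk root read-only and inventory encrypted files and ransom notes."""
    report = {"encrypted": [], "notes": [], "restored": [], "dirs_hit": set()}
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE:
                report["notes"].append(path)
            elif (orig := original_name(name)) is not None:
                report["encrypted"].append(path)
                # A file with the original name beside it (e.g. from backup).
                if orig.lower() in present:
                    report["restored"].append(path)
            else:
                continue
            report["dirs_hit"].add(dirpath)
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files named as the page describes."""
    for rel in ("docs/1.pdf.KOXIC", "docs/2.docx.KOXIC_PLCAW", "docs/2.docx",
                "docs/WANNA_RECOVER_KOXIC_FILEZ_PLCAW.txt", "pics/clean.jpg"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print({k: len(v) for k, v in triage(tmp).items()})
```

Point triage() at a mounted copy or user profile directory; the "restored" list shows encrypted files whose original name already exists beside them, which helps confirm what a backup restore actually recovered.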
How to decrypt and restore .koxic files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use the following tool from Kaspersky, called Rakhni Decryptor, which can decrypt .koxic files. Download it here:
There is no point in paying the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .koxic files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you were infected with Koxic Ransomware and have removed it from your computer, you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to recover the files manually, you can do the following:
Use Stellar Data Recovery Professional to restore .koxic files
- Download Stellar Data Recovery Professional.
- Click the Recover Data button.
- Select the type of files you want to restore and click the Next button.
- Choose the location you would like to restore files from and click the Scan button.
- Preview the found files, choose the ones you want to restore and click Recover.
Using Windows Previous Versions option:
- Right-click on the infected file and choose Properties.
- Select the Previous Versions tab.
- Choose a particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- If there are no items in the list, choose an alternative method.
Using Shadow Explorer:
- Download the Shadow Explorer program.
- Run it and you will see a screen listing all the drives and the dates on which shadow copies were created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- If there are no other dates in the list, choose an alternative method.
If you are using Dropbox:
- Log in to the Dropbox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect your computer from viruses like Koxic Ransomware in the future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, and file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Koxic Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.