Koko Ransomware

Koko Ransomware drops a note carrying a specific message after it encrypts files available on an infected device with a robust encryption algorithm. If you cannot open your files and you see a note mentioning kokoklock@cock.li email address, your computer is most likely infected with this threat. In which case, we recommend reading our article to learn more details about this infection. In the article, we discuss where it might come from, how it works, and, most importantly, how to erase it from a system. If you are looking for a way to restore your files, we can tell you that it is impossible without decryption tools. Without them, you can only replace encrypted data with backup copies from removable media devices, cloud storage, and so on. However, before attempting to replace encrypted files with backup copies, you should delete Koko Ransomware first. It can be removed with a reliable antimalware tool or by following the instructions located below this article.

As mentioned in the paragraph above, one of the signs suggesting that your computer was infected with Koko Ransomware is a note saying you have to email someone via kokoklock@cock.li. The other sign that users who encounter the threat in question ought to see is a specific extension that appears at the end of the malware’s affected files.

The extension should consist of two parts: .mailto[kokoklock@cock.li] and.{6 random characters}. For instance, the sample tested by our specialists marked files encrypted on their test computer with the following extension: .mailto[kokoklock@cock.li].3ca792. According to our researchers, the malicious application encrypts lots of different file types, which means a lot of your data could be marked with the threat’s extension if you infect your system with it. Nonetheless, it does not look like the ransomware application encrypts data belonging to a computer’s operating system, which means an infected device should be still bootable.

By saying a user might infect his system with Koko Ransomware, we meant that victims might be tricked into installing the malware. Sadly, it might be easier than you think, as hackers are capable of disguising malicious files to make them look harmless. Malicious ransomware installers are often sent via Spam emails. What is even worse is that cybercriminals sending such emails could pretend to be representing various reputable companies to convince email receivers that it is safe to open the attached data.

Keep in mind that it takes only to launch harmful files or click malicious links that could be mentioned in a message, and your system could become infected. Thus, before you open email attachments, we recommend scanning them with a reliable antimalware tool. Also, some ransomware applications are spread through unreliable file-sharing websites. Therefore, if you genuinely wish to stay away from malware alike, you should download installers, updates, and any other files that you might need from legitimate sources only. Otherwise, a threat like Koko Ransomware might sneak into your system, and you may realize what has happened only after seeing its displayed ransom note.

The malicious application’s ransom note says a user needs to contact the malicious application’s developers via a given email address if he wishes to restore his data. There is nothing said about having to pay a ransom in exchange for decryption tools, but there is hint suggesting such a request would be presented later on in the following sentence: “There you can decrypt one file for free. That is our guarantee.” We should stress that even though the hackers say they can guarantee you will not be tricked and will receive needed decryption tools because people like them cannot be trusted. If you think so too, we advise you not to pay the ransom.

For users who wish to erase Koko Ransomware, we can offer a couple of deletion options. The first one is to remove the malware while following the instructions available below that show how to erase the threat manually. The second option is to use a reliable antimalware tool that could eliminate Koko Ransomware for you. The only things you would have to do is install a trustworthy tool, perform a full system scan with it, and click its provided removal button to delete all detections at once.

Erase Koko Ransomware

1. Press Ctrl+Alt+Delete.
2. Pick Task Manager and select Processes.
3. Find a process belonging to this ransomware.
4. Mark it and press End Task.
5. Exit Task Manager.
6. Click Win+E.
7. Find these paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
8. Find the malicious application’s launcher (suspicious file downloaded before your computer got infected).
9. Right-click it and select Delete.
10. Locate and erase all files called {random}-Readme.txt, for example, 5EA791-Readme.txt.
11. Exit File Explorer.
12. Empty Recycle Bin.
13. Restart the computer.