Coban Ransomware

Posted by Sarah Stewart on October 27, 2017

What is Coban Ransomware?

If Coban Ransomware settles in on your system, you might lose all of your data since the malware enciphers it with a secure cryptosystem. To recover it, the cyber criminals behind this malicious program could ask you to write them using the provided email address. No doubt, the return message from them should state the amount of Bitcoins you would have to pay for ransom. In exchange for the requested payment, the hackers might promise to send you a decryptor as soon as the ransom reaches them. However, we would advise you to think twice before you decide whether it is a good idea to put up with such demands. The problem is, it is entirely possible the cyber criminals might scam you and leave you without the promised decryptor. To learn more details, we invite you to read the rest of this report, although if you already know you wish to eliminate Coban Ransomware, you could slide below the article and follow the provided removal steps.test

Where does Coban Ransomware come from?

According to our researchers at Anti-spyware-101.com, it is most likely that Coban Ransomware comes from the CryptoMix Ransomware family. Just like the other malicious application from this family the infection could be spread through Spam emails. In which case, users who encounter it might unknowingly allow the malware settle in after downloading and launching a suspicious email attachment. The next time you come across such content, it would be smarter to scan it with a legitimate antimalware tool first. For the tool to be able to recognize newer threats it should be updated as soon as the new update becomes available; otherwise, there might be not much use for keeping it on the system. Additionally, our researchers advise not to given to curiosity and avoid opening suspicious files if you do not know where they come from or why they were sent to you.

How does Coban Ransomware work?

The first thing the malicious program should do after the computer gets infected is start enciphering various data located anywhere except the files available on Windows and Program Files folders. Unlike other similar threats, Coban Ransomware, might not just mark the affected files by appending a specific extension to them, but also by giving the enciphered data new names. For instance, an encrypted flower.jpg picture could become 0BCF3C58321506C57456DBF9I240G4G9F.coban and so on. The next step is to inform the user of what has happened and to demand a payment. The malware should do so by dropping a ransom note titled _HELP_INSTRUCTION.TXT in almost all folders. This file should contain a text in English saying the only way to decrypt files is to pay a ransom. As it happens quite often, the note does not explain how such payment should be made and instead asks to write the Coban Ransomware's developers an email to find out more. Just as we said in the first paragraph, paying the ransom could be extremely risky, and we do not recommend it if you do not want to risk being scammed.

How to erase Coban Ransomware?

One of the ways to delete the malicious application is to remove all of its created data file by file. This process might be a bit complicated, but if you feel up to such a task, we encourage you to have a look at the steps located below this paragraph and get rid of Coban Ransomware manually. The easier way to eliminate it could be to employ a legitimate antimalware tool, set it to do a full system scan, wait for the results to show up, and then erase the infection along with other possible detections while pressing the given removal button.

Delete Coban Ransomware from system

  1. Tap Ctrl+Alt+Delete.
  2. Pick Task Manager.
  3. Locate a process related to the infection.
  4. Mark the process and click the End Task button.
  5. Leave Task Manager.
  6. Press Windows key+E.
  7. Go to the following paths:
    %ALLUSERSPROFILE%
    %ALLUSERSPROFILE%\Application Data
  8. Look for executable files titled BC0EBCF2F2.exe, right-click these files and press Delete.
  9. Close your File Explorer.
  10. Press Windows key+R.
  11. Insert Regedit and select Yes.
  12. Search for these specific paths:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  13. Find value names titled BC0EBCF2F2, right-click these value names and pick Delete.
  14. Leave Registry Editor.
  15. Empty your Recycle Bin.
  16. Reboot the system. 100% FREE spyware scan and
    tested removal of Coban Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *