Kodc Ransomware

What is Kodc Ransomware?

Kodc Ransomware is a threat to your personal files, such as documents and photos, and if you want to keep them safe, you need to keep the threat away. Unfortunately, more and more file-encrypting threats emerge every single day, and it is no longer enough to install legitimate security software. People often skip or postpone updates, and that leaves their systems exposed to new invaders. This is why all Windows users also need to be proactive about how they protect their files. Anti-Spyware-101.com researchers recommend setting up a reliable cloud storage system or using external hard drives to keep copies of all personal files. As long as the backups are separated from the original files, they should be safe. What about internal backups? We do not recommend using those because cybercriminals have learned ways to delete them. Hopefully, copies of your personal files are safe, and you can use them to replace the corrupted files after removing Kodc Ransomware.

How does Kodc Ransomware work?

It is obvious that Kodc Ransomware is part of the STOP Ransomware family, just like Leto Ransomware, Mosk Ransomware, Msop Ransomware, Zobm Ransomware, and hundreds of other well-known threats. They all work the same, and even the messages displayed are practically identical. To execute these infections on Windows operating systems, the cybercriminals behind them usually rely on unpatched software vulnerabilities, spam emails, and bundled downloaders. Therefore, if you stay on top of updates, delete spam emails without opening them, and avoid bundled downloaders, you should really minimize your chances of facing Kodc Ransomware and similar threats. Once this malware is executed, a fake Windows Update notification shows up. It is meant to distract you from the encryption happening in the background. To ensure that you do not discover and terminate malicious processes before files are encrypted, the threat also disables the Task Manager. Once files are encrypted, you should find the “.kodc” extension attached to them, and, of course, you will not be able to read these files.

Next to the corrupted files, you are likely to find a file named “_readme.txt.” Our research team has seen the message inside this file many times before because most STOP Ransomware infections use the same message. It starts with the disclaimer that files were encrypted, but can be “returned.” Then, the message declares that the only way of decrypting files is with the help of a “decryption tool and unique key,” which cost money. The alleged full price for the decryptor is $980, but the message informs that victims can use a 50% discount if they pay within 72 hours. We have seen this pseudo discount in all cases, and you should not think that you are being offered a good deal. Since no additional information about the payment is offered, victims of Kodc Ransomware are urged to email helpmanager@firemail.cc or helpmanager@iran.ir. Do not do this because by contacting the attackers you might be exposing yourself to scams and malware. At the time of research, Kodc Ransomware was not yet decryptable, but by the time you are reading this, the free STOP Decryptor might be able to assist you. Even if you cannot get your files decrypted for free or you do not have backups, we do not recommend paying the ransom. Your chances of retrieving a decryptor in return are slim to none.

How to remove Kodc Ransomware

Even if you cannot salvage your files now, the attack of Kodc Ransomware will be a lesson that you, hopefully, will not forget in the future. Remember to keep copies of your personal files safe, beware of any security backdoors that could be used for malware distribution, and, of course, secure your system using reliable software. We strongly recommend implementing anti-malware software that could automatically delete Kodc Ransomware from your system as well as secure it at the same time. You will need to think about the security of your Windows system separately if you decide to remove the threat manually. We can show you how to remove most of the components linked to this malware, but we cannot help you delete the most important file, which is the executable. Since it could have been dropped anywhere, we cannot point you to it, and we cannot guarantee that you will find it yourself.

Removal Instructions

  1. Locate the .exe file that executed the infection and Delete it.
  2. Launch Explorer (tap Win and E keys together) and enter %HOMEDRIVE% into the field at the top.
  3. Delete a file named _readme.txt and also a folder named SystemID.
  4. Enter %LOCALAPPDATA% into the field at the top.
  5. Delete a folder with a random name that has malicious ransomware files inside.
  6. Enter %WINDIR%\System32\Tasks\ into the field at the top.
  7. Delete the task called Time Trigger Task.
  8. Launch Run (tap Win and R keys together) and then enter regedit into the box.
  9. In Registry Editor, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Delete the value named SysHelper.
  11. Empty Recycle Bin and then immediately install a malware scanner you trust.
  12. Scan your system to check if there are any files or threats that still require removal.
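
Before deleting anything, the locations from steps 2 to 10 can be checked in one pass. The script below is an added example, not part of the original instructions: it only reads and reports, and it also prints what the scheduled task and the SysHelper value launch. Treating a folder under %LOCALAPPDATA% that those commands point into as a candidate for steps 1 and 5 is an assumption, not something the steps above state.

```powershell
# Added example: read-only triage of the artifacts named in the removal steps.
# Nothing is deleted. Elevation may be needed to read the Tasks folder.
$report = New-Object System.Collections.Generic.List[object]
$launch = New-Object System.Collections.Generic.List[string]
function Add-Hit([string]$Step, [string]$Artifact, [string]$Detail) {
    $report.Add([pscustomobject]@{ Step = $Step; Artifact = $Artifact; Detail = $Detail })
}

# Steps 2-3: ransom note and SystemID folder in the root of %HOMEDRIVE%.
foreach ($name in '_readme.txt', 'SystemID') {
    $path = "$($env:HOMEDRIVE)\$name"
    if (Test-Path -LiteralPath $path) { Add-Hit '2-3' $name $path }
}

# Steps 6-7: the task file is XML; each Exec action names what the task starts.
$taskFile = Join-Path $env:WINDIR 'System32\Tasks\Time Trigger Task'
if (Test-Path -LiteralPath $taskFile) {
    $task = [xml](Get-Content -LiteralPath $taskFile -Raw)
    foreach ($exec in $task.Task.Actions.Exec) {
        $launch.Add([string]$exec.Command)
        Add-Hit '6-7' 'Time Trigger Task' "starts: $($exec.Command) $($exec.Arguments)"
    }
}

# Steps 9-10: the data of the SysHelper value is the command run at logon.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'SysHelper' -ErrorAction SilentlyContinue
if ($run) {
    $launch.Add([string]$run.SysHelper)
    Add-Hit '9-10' 'SysHelper' "starts: $($run.SysHelper)"
}

# Steps 1, 4-5 (assumption): a folder directly under %LOCALAPPDATA% that one of
# the commands above points into is a candidate for review, not a confirmed match.
$dirs = Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Directory -Force -ErrorAction SilentlyContinue
foreach ($dir in $dirs) {
    foreach ($cmd in $launch) {
        $full = [Environment]::ExpandEnvironmentVariables($cmd)
        if ($full.IndexOf($dir.FullName + '\', [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            Add-Hit '1,4-5' 'Folder referenced by persistence' $dir.FullName
        }
    }
}

# Extent of encryption: files with the ".kodc" extension under the user profile.
$kodc = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter '*.kodc' -ErrorAction SilentlyContinue)
Add-Hit 'n/a' '.kodc files' "$($kodc.Count) found under $env:USERPROFILE"

$report | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session: under a different administrator account, HKEY_CURRENT_USER and %LOCALAPPDATA% resolve to that account instead.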
