Kolobo Ransomware Removal Guide

Kolobo Ransomware is a rather old malware infection that first appeared back in early 2014 and has been around ever since. This dangerous threat is indeed a variant of the infamous Gingerbread Ransomware. Once it manages to penetrate your system, it starts encrypting the targeted files. Your only chance to be able to recover your files is, of course, by getting hold of the decryption key, which is offered to you for a certain amount of ransom fee. The authors of this severe threat have some sense of humor and creativity, we must give them that. In fact, they have come up with a Gingerbread pie story for the victim to support this pie so that it can by its own apartment. Well, if it were up to us, neither this pie, nor the creative cyber criminals would have any money from us to buy anything. If you do not want to support online crimes but would like to use your computer again, we suggest that you remove Kolobo Ransomware immediately after finishing our article.

You may consider yourself a cautious web surfer and wonder how such a serious malware infection may have landed on your system without your knowledge or permission. Well, the sad truth is that most likely it was you who let it on board. According to our research, it seems that most users infect their system with this ransomware via spam e-mails. In fact, this method tends to be used by most schemers to spread certain malware programs as they can reach a great number of different kinds of people out of whom there will definitely be unsuspecting ones who could be fooled into opening this mail and click on the attached file. This attachment is the key in this case since when you click on it or download it to run it from your system, you actually activate this vicious attack. This is also the moment when your effort to try to delete Kolobo Ransomware will not help you save your files.

Criminals have evolved in the past years and now target their victims with very convincing and deceptive spam mails that really make you feel you want to open them right away to see the attached file. First of all, these mails have authentic-looking sender names and e-mail addresses. It is possible that most of these you will even find as existing ones if you run a Google search. Then, the subject of these mails is also an important part of the deception as it usually claims to be about a problem that concerns your credit card, a questionable flight booking, an unsettled invoice, and so on. It is quite hard to say no to such a mail because our curiosity kicks in right away. You should also know that in some cases it is enough for you to open the e-mail to trigger a malicious code that drops the infection. Therefore, it is advisable that you become more alert whenever going through your mails and that you do not open the ones that seem questionable. As we have said, you can only remove Kolobo Ransomware once the damage is already done but even so, this is what you should do if you want to restore your machine.

Our research and tests show that this ransomware encrypts your photos, documents, archives, and program files using XOR and RSA algorithms. It creates an executable file and a .bmp file in your %AppData% and %AppData%\Microsoft\Windows\Start Menu\Programs\Startup folders. So as you can see, this threat makes sure that it starts up every time you reboot your system. The affected files get a “.kolobocheg@aol.com_[user id]” extension; so your files will look something like “image.jpg.kolobocheg@aol.com_k1” as in our case “k1” was the personal ID. After this malware finishes the encryption, which should not take more than a single minute, it replaces your desktop background image with its own .bmp ransom note.

This note is in Russian language and a rather unordinary one for that matter. Instead of the usual threats and facts of your files having been encrypted and taken hostage, this note tells a “sad” story of a Gingerbread pie who wants to have its own apartment to live separately from its parents. This is given to the victims as the base for the “money support,” which is indeed a ransom fee in disguise. You are asked to send an e-mail to kolobocheg@аоl.com with the given unique ID and you are also prompted to visit filesencoded.com for further information. For your information, this website is down and no longer available. In any case, we do not advise you to contact such cyber criminals in any way. There is no guarantee that you would get anything in return for your money no matter how low or high this fee may be. We suggest that you remove Kolobo Ransomware right away.

As a matter of fact, your only chance at present to recover your files is to have a recently saved backup on a removable hard disk or pendrive. But even if you are lucky enough to have a backup, the first step should be that you delete Kolobo Ransomware from your system. Please follow our instructions below if you feel experienced enough to go for manual removal. We believe that if you let this dangerous threat on board, it is quite possible that you will also find other malware infections hiding on your system. Therefore, in order to really and efficiently restore your system security, we recommend that you employ a trustworthy anti-malware program, such as SpyHunter.

How to remove Kolobo Ransomware from Windows

1. Press Win+E.
2. Delete the malicious attachment you downloaded from the spam mail.
3. Locate the %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ folder and delete ie_updater.exe and bmp.bmp
4. Check %Appdata% folder and if you find ie_updater.exe and bmp.bmp, bin them.
5. Empty your Recycle Bin.
6. Restart your PC.