Uninstall Kostya Ransomware

I wrote this article to help you remove Kostya Ransomware. This Kostya Ransomware removal guide works for all Windows versions.

The Kostya (K0stia) Ransomware is something you would not want to deal with. Experts even say that the ransomware families are the biggest and most dangerous cyber threat nowadays. This ransomware`s authors are Czech, based on the ransom note the threat displays, which is entirely in that language.

You know what ransomware is and you know its one and only purpose. It is money. It locks all of your files and demands money in exchange for the decryptor. If you get infected, Kostya will encrypt all of your important files using the 256-bit encryption algorithm. Then, these files are no longer available to you. They are locked and they will stay locked until you pay the ransom with will provide you the decryption tool. At least that is what the ransom note says. But nothing guarantees it.

You are dealing with cyber crooks and they cannot be trusted. You may pay and still end up with nothing in the end. All of your pictures, music, videos, documents, everything will be unusable. The ransomware will change their original format by appending the “.k0stya” extension at their ends. Then, your computer won`t be able to read the and not even to recognize them. It would be like you don’t have them at all. When Kostya has finished encrypting each valuable file on your machine it will let you know that it has by displaying the following ransom note:

“Co se stalo?
Veškeré vaše soubory byly zašifrovány šifrovacím algoritmem AES-256 společně s vaším osobním počítačem.
VAROVÁNÍ!!!Pokud nesplníte všechny dané požadavky uvedené níže do 12 HODIN , váš nynější dešifrovací klíč se SMAŽE a CENA STOUPNE NA 2000KČ!.
PO 24 HODINÁCH SE VAŠE SOUBORY SMAŽOU A VY JE UŽ NIKDY NEUVIDÍTE!!!
[…]
Jak vše odemknout? 300Kč.
– Stačí zakoupit kartu PaySafe Card v hodnotě 300Kč ,zadat její kód(číslo) do textového pole pod tímto textem a stisknout tlačítko.
Vaše platba pak bude odeslána k ověření. Po ověření budou vaše soubory a váš počítač uvedeny do původního stavu
-Kde koupím PaySafe Card ?
PaySafe Card se dá zakoupit v jakékoliv trafice, či pumpě. Stačí se zeptat prodejce.”

A picture of a skull comes together with the ransom note. It is probably meant to scare you and make you fear the developers of the ransomware. According to the note, the only way to getting your files is money. The crooks promise that by paying the sum required you are purchasing the tool, which will help you retrieve your lost data. Like I already mentioned, you have no guarantee. They may just take your money and leave you with nothing. This particular ransomware`s ransom is not very high.

Actually, it is one of the cheapest we have ever stumbled upon. It requires only 300 CZK, which equals $12. Compared to other pieces of ransomware`s demands, which are between $300 and $950, this is nothing. But it doesn’t matter how much the crooks want, they are still blackmailing you and want to rip you off. You should give them nothing. Do not support their business and don’t help them expand it as well. For now, for example, Kostya is attacking users only in in the Czech Republic and Russia. Image if it goes global. Don’t contribute to that happening.

The note also gives you a 12 hours deadline, within which you need to pay up. The crooks just want your money as soon as possible and may or may not give you what you have paid for – the decryptor. Moreover, the note provides an email for the victims to get in touch with the hackers. You don’t need to contact those crooks. You need to get rid of the ransomware and recover your data. Our removal guide at the end of this article will give you instruction on what to do to achieve that.

Remove Kostya Ransomware
The Kostya Ransomware

How did you get infected with Kostya?

Ransomware pieces use many attacking techniques. Most of the time they land right into your regular inbox, not even in the spam one. The disguise themselves as emails from a legitimate shipping company to trick you into opening them. If you do open them, they infect you. Any suspicious emails must be deleted right away without being opened or their attachments being downloaded. Moreover, malicious website/ads/links may also hide a ransomware threat. Do not forget that another malware can be delivering ransomware as well. Like a Trojan, for example.

It is very important to scan your PC for other threats as they may be hiding and lurking. Get yourself a reliable anti-malware tool to do so. And last but not least, Exploit Kits. They are also one of the most used tools for ransomware distribution. Cyber threat can surprisingly attack you anytime so you need to be vigilant and do what you can to protect yourself, your privacy and your bank account.

Kostya Ransomware Uninstall

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Kostya Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panelshadowexplorer
  4. Choose at least a month ago date from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Nextsystem restore
  3. Choose a restore point, at least a month ago
  4. Click “Next
  5. Choose Disk C: (should be selected by default)
  6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Kostya Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.