Yet another variant of STOP ransomware has appeared, this type carrying the .codnat1 file extension. This variant is very similar to the previously released .codnat ransomware iteration. The main goal of this virus is to set the .codnat1 file extension after it encrypts files and then extort you into paying ransom so that you can open your files again. The ransomware also drops a _readme.txt ransom note, which contains ransom instructions on how to pay the ransom fee in return for your files. If your computer was recently compromised by the .codnat1 STOP ransomware, we suggest that you read this article thoroughly.
|Name||.codnat1 Files Virus|
|Short Description||Files are encrypted and the victims cannot open them unless they pay ransom.|
|Symptoms||Files have the .codnat1 file extension added to them. A ransom note _readme.txt file is also dropped.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by .codnat1 Files Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .codnat1 Files Virus.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
.codnat1 Ransomware – How Did I Get It and What Does It Do?
The .codnat1 ransomware may infect your computer via two main types of objects:
- Malicious files.
- Malicious web links.
Both of the objects can arrive on your computer either by visting a malicious site, where you get redirected to them or by downloading the file or clicking on a URL as a result of them being sent to you via some chat or via e-mail. The most commonly used distribution way of spreading those types of files is via e-mail, where they are often uploaded as fake invoices, receipts, order confirmations or other types of files.
The result of this is that the .codnat1 ransomware may infect your comptuer without your antivirus alerting you and may perform the following pre-infection activities:
- Obtain rights as an administrator.
- Check if your OS is real.
- Obtain your IP and Mac address.
- Create registry entries in Windows Registry Editor.
The .codnat1 files virus may also drop virus files, called modules in the following Windows directories:
The ransomware also drops the ransom note file. It is called _readme.txt and contains the extortionist message:
Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
The files which are encrypted by the .codnat1 ransomware could end up to be documents, images, archives, videos, audio files and other often used files. The virus scans for and encrypts files, based on their file extension, where it looks for the most often used ones, for example:
→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”
For the encryption, .codnat1 variant of STOP ransowmare is believed to use AES cipher. This means that it changes parts of your original files with data from the cipher. After encryption, the files seem corrupt and looking like the following:
The virus then generates a unique decryption key, which is only corresponding with the key, that the crooks promise to give you after you pay ransom, which is usually in BitCoin. Paying such ransom is strongly inadvisable, since you cannot trust cyber-criminals with your files.
Remove STOP Ransomware and Try to Restore .codnat1 Files
To be able to remove the .codnat and .codnat1 ransomware, we strongly recommend that you follow the steps underneath. If the first two steps for manual removal do not help you out, or you want to save yourself the time to manually looking for and deleting the virus files of this STOP ransomware variant, we suggest that you use a professional anti-malware program for removal. Such software is often reccomended by experts, because it has the power and the capability to scan for and eradicate the malicious files, belonging to this variant of STOP ransomware from your system.
Also, if you want to try and get your files, back, we recommend that you do a backup first and wait of a decryptor. When such is available, we will also focus on updating this article, so be sure to check it regularly. Not only this, but also if you want to try and get your files, you should check the “try to restore” step underneath. It contains methods that may not be safe at a 100%, but with their aid, you could be able to retrieve at least some of the files.