CovidWorldCry Ransomware

Posted by Sarah Stewart on June 4, 2020

What is CovidWorldCry Ransomware?

There are multiple malware infections out there that try to ride the wave of the biggest current global issues. CovidWorldCry Ransomware clearly sounds like something associated with the COVID-19 pandemic, but it’s just a dangerous infection that tries to make you think that you’re in for a lot of trouble.

Of course, you are in trouble if you get infected with CovidWorldCry Ransomware, but that’s just a cybersecurity issue. It has nothing to do with COVID-19. Consequently, you have to deal with that issue in the same manner as you would deal with any other ransomware infection.test

Where does CovidWorldCry Ransomware come from?

Not much is known about the origins of this infection, but it is clear that the program works like most of the other ransomware apps out there. Also, our research team is convinced that CovidWorldCry Ransomware employs the most common ransomware distribution measures. Thus, it means that this program probably spreads through spam emails, malicious downloads, and unsecured RDP connections.

The fact that ransomware programs tend to spread through spam emails and freeware downloads means that users install the malicious program themselves. Of course, they are not aware of the fact, otherwise, they wouldn’t interact with the installer file. But the problem is that ransomware installer files often look like legitimate documents and users are tricked into download and opening them.

If you want to avoid CovidWorldCry Ransomware, you have to be very careful about the files you receive from unknown parties. Even if the file in question looks like an official document, if you haven’t been looking forward to it, you should scan the file with a security tool of your choice before you open the file in question. If the security tool deems the file to be dangerous, delete it at once.

What does CovidWorldCry Ransomware do?

As mentioned, there is nothing unusual about CovidWorldCry Ransomware in the way it behaves. The program enters the target system, detects all the files it can encrypt, and then it launches a full-fledged encryption. When it’s complete, the affected files get a new extension to their file names. For instance, file.jpg will look like file.jpg.corona-lock after the encryption. Granted, the extension is just a visual representation of the complete encryption, and it works like a stamp from the infection. Of course, you will also be able to tell that your files were encrypted because all of the file icons will change.

Aside from the extension, CovidWorldCry Ransomware will also display a ransom note that says the following:

YOUR FILES WERE ENCRYPTED
<…>
DON’T WORRY! YOUR FILES ARE SAFE! ONLY MODIFIED :: ChaCha + AES
WE STRONGLY RECOMMEND you NOT to use any Decryption Tools.
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.

To get RSA private key you have to contact us via email

As you can see, the criminals behind CovidWorldCry Ransomware are very adamant about trying to push you into purchasing the decryption key. However, there is no guarantee that they would issue the key even if you were to transfer the payment. It would be for the best to ignore the note and just focus on restoring your files.

How do I remove CovidWorldCry Ransomware?

According to our research, this program deletes itself once the encryption is complete. Thus, there aren’t that many files you can delete to get rid of CovidWorldCry Ransomware. You should still look for the most recent files that could be associated with this program. If you are not sure what you look for, you can scan your computer with the SpyHunter free scanner for a full system check-up.

As for your files, you should be able to restore them from a file backup, provided you have one. If not, think of all the places where you could’ve saved at least the latest files. If you feel like you’ve run out of ideas, address a local professional and they will go through other file recovery options. Finally, don’t hesitate to leave us a comment if you want to find out more about the issue.

Manual CovidWorldCry Ransomware Removal

  1. Delete suspicious files from Desktop.
  2. Delete suspicious files from the Downloads folder.
  3. Press Win+R and type %TEMP%. Click OK.
  4. Remove the most recent files from the directory.
  5. Perform a full system scan with a licensed antispyware tool. 100% FREE spyware scan and
    tested removal of CovidWorldCry Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *