Cybercriminals keep finding new and more cunning ways of infiltrating other people’s devices to steal data, credentials, or money. Much of it is done with malicious software aimed at large corporations, smaller businesses, and individuals alike. A recent example is the CovidWorldCry ransomware, first spotted in late May 2020.
What is CovidWorldCry Ransomware?
CovidWorldCry is a COVID-19-themed ransomware family that is also known as BigLock or CoronaLock. It encrypts user data and some system files on the infected machine and demands a ransom in Bitcoin. Unusually for ransomware, which normally touches only user-related files, it also tampers with the Windows boot stage.
Two versions of the ransomware have been released. Both use a combination of the ChaCha and AES ciphers to encrypt pictures, videos, documents, databases, and other personal files on the host computer.
What Can CovidWorldCry Ransomware Do?
Once it is on a machine, the ransomware does not start encrypting right away. It first prepares the host so that the encryption is harder to undo, and then performs the following:
- Deletes the Shadow Volume copies
- Resizes the storage allotted to Shadow Volume copies
- Modifies the registry
- Terminates running processes and starts new ones
- Drops additional malicious files on the system
Once this staging is done, the data on the device is encrypted and the user can no longer open it. Encrypted files are renamed by appending the malware’s extension “.corona-lock,” so a file such as report.docx becomes report.docx.corona-lock. Because the Shadow Volume copies are gone, recovering earlier versions of the files from local snapshots is not an option either.
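The two observable traces above, shadow-copy tampering and the “.corona-lock” extension, are what an analyst looks for first when triaging a suspect host. The script below is an added example and is not code from the original page or from any vendor tool: it flags shadow-copy deletion and resizing in process-creation log lines (the vssadmin/wmic/wbadmin command-line patterns are assumptions about how such tampering usually appears in Windows 4688 or Sysmon logs; the page only says the copies are deleted and their storage size manipulated) and inventories renamed files under a directory tree. The log lines and the directory contents are constructed here so the example runs offline.

```python
"""Triage helpers for the CovidWorldCry / CoronaLock behaviours described above.

Added example, not the original page's code. The command-line patterns are an
assumption about how shadow-copy tampering typically looks in Windows process
logs; the sample log and the sample file tree are constructed.
"""
import os
import re
import tempfile
from pathlib import Path

EXT = ".corona-lock"  # extension the page reports being appended to encrypted files

# Patterns for shadow-copy deletion / starvation in process-creation command lines.
# Assumed typical forms, not taken from the page.
SHADOW_TAMPER = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]


def find_shadow_tampering(log_lines):
    """Return (line_number, matched_text) for each log line hitting a tamper pattern."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for pat in SHADOW_TAMPER:
            m = pat.search(line)
            if m:
                hits.append((n, m.group(0)))
                break  # one hit per line is enough for triage
    return hits


def inventory_encrypted(root):
    """Walk root and map each encrypted file path to the original file name."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(EXT):
                found[str(Path(dirpath) / name)] = name[: -len(EXT)]
    return found


# Constructed sample log: three benign command lines and two tampering ones.
SAMPLE_LOG = [
    "CommandLine: C:\\Windows\\System32\\svchost.exe -k netsvcs",
    'CommandLine: "C:\\Program Files\\App\\app.exe" --update',
    "CommandLine: vssadmin.exe Delete Shadows /All /Quiet",
    "CommandLine: cmd.exe /c vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB",
    "CommandLine: notepad.exe C:\\Users\\user\\notes.txt",
]


def demo():
    """Run both checks on constructed input; returns (tamper_hits, original_names)."""
    hits = find_shadow_tampering(SAMPLE_LOG)
    with tempfile.TemporaryDirectory() as d:
        # Constructed victim tree: two renamed files and one untouched file.
        (Path(d) / "docs").mkdir()
        (Path(d) / "docs" / "report.docx.corona-lock").write_bytes(b"\x00" * 16)
        (Path(d) / "photo.jpg.corona-lock").write_bytes(b"\x00" * 16)
        (Path(d) / "readme.txt").write_text("untouched")
        encrypted = inventory_encrypted(d)
    return hits, sorted(encrypted.values())


if __name__ == "__main__":
    tamper, names = demo()
    print(f"{len(tamper)} shadow-copy tampering command line(s):")
    for n, text in tamper:
        print(f"  line {n}: {text}")
    print(f"{len(names)} encrypted file(s): {names}")
```

The inventory only strips the appended extension to recover the original names; it does not touch the contents, since no decryptor exists and stripping the extension from an encrypted file does nothing useful. Run it against an exported log and a copy of the affected volume rather than the live host.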
How Is the Data-Locking Virus Spread?
The primary attack vector for CovidWorldCry is the RIG exploit kit. If files appear to have been encrypted twice, the machine was infected with CovidWorldCry alongside the Djvu ransomware; such double infections are harder to clean up.
Because distribution relies on exploit kits, machines running outdated browsers, plugins, and other unpatched software are at the highest risk of infection, and keeping that software patched removes the vector.
How to Remove CovidWorldCry Ransomware
The first thing to do is remove the ransomware with a reliable antivirus program.
The encrypted files can only be decrypted with the attacker’s key. If you don’t have it, you can still remove the malware so that it does no further damage; the two methods below do that, but neither recovers the encrypted files:
OPTION ONE: Using Safe Mode
Carry out the following procedure to remove CovidWorldCry ransomware using Safe Mode with Networking:
Step 1: Restart your computer in Safe Mode with Networking
Windows XP/Vista/7
- Click “Start,” then “Shut Down,” followed by “Restart.”
- As the computer restarts, press F8 several times.
- The “Advanced Boot Options” menu appears.
- Choose “Safe Mode with Networking.”
Windows 8/10
- Click on the “Power” button at the login screen.
- Long-press the “Shift” key.
- Press “Restart.”
- Choose “Troubleshoot.”
- Select “Advanced Options.”
- Go to “Startup Settings,” then “Restart.”
- The computer restarts into the “Startup Settings” screen.
- Press F5 (or 5) to choose “Enable Safe Mode with Networking.”
Step 2: Remove the ransomware
- Log into the infected account.
- Start the browser.
- Download and install a robust security tool.
- Scan and remove malicious files.
- Restart normally; the CovidWorldCry ransomware itself is now removed.
OPTION TWO: Using System Restore
Follow instructions below to remove CovidWorldCry ransomware using System Restore:
Step 1: Restart your computer in Safe Mode with Command Prompt
Windows XP/Vista/7
- Click “Start,” then “Shut Down,” and choose “Restart” (on Windows XP, pick “Restart” from the drop-down and click “OK”).
- Press F8 multiple times.
- An “Advanced Boot Options” window pops up.
- Choose “Safe Mode with Command Prompt.”
Windows 8/10
- Press the “Power” button at the login screen.
- Long-press on the “Shift” key.
- Select “Restart.”
- Go to “Troubleshoot.”
- Choose “Advanced Options,” then “Startup Settings,” then “Restart.”
- When the computer restarts, a “Startup Settings” window will show.
- Press F6 (or 6) to choose “Enable Safe Mode with Command Prompt.”
Step 2: Restore the system files and settings
- On Windows XP only, type “cd restore” in the Command Prompt window and press “Enter” first (on XP the program lives in the “restore” subfolder of System32; on Vista and later it is in System32 itself).
- Type “rstrui.exe” and press “Enter.”
- A new window will pop up. Click “Next.”
- Select your restore point. Choose one dated before the CovidWorldCry infection.
- Choose “Yes” to start the System Restore.
Once the restore finishes, scan the computer with a robust antivirus program anyway. Keep in mind that System Restore rolls back system files, settings, and the registry only; it does not bring back encrypted documents. Also, because the ransomware deletes the Shadow Volume copies that restore points are stored in, the wizard may find no restore point to offer at all.
Conclusion
Any kind of infection on your phone or PC can be devastating. Not only do you lose your data, but you also risk having your personal information exposed. Keep your devices protected at all times with a reputable antivirus program; such programs are also what you use to find and remove the CovidWorldCry ransomware, although they cannot undo the encryption. Just as important, keep regular, tested backups that the infected machine cannot reach with its own credentials, for example in cloud storage or on offline media, since a backup the ransomware can encrypt or delete is no backup at all. At the moment, no decryption tool is available.