By now, you’ve probably heard of COVID-19, a disease that has quickly turned into a world pandemic. While the world is suffering the effects of this disease, hackers are seeing an opportunity. Security researchers have discovered malware with a COVID-19 theme, called the Cov19 ransomware.
If you’ve experienced the Cov19 ransomware, this article explains what it is and how to remove it. If you’ve not experienced it, you’ll also learn how to protect yourself.
What is Cov19 Ransomware?
Simply put, the Cov19 ransomware is a practical example of opportunistic ransomware that disguises itself as COVID-19 updates, safety measures, or documents.
Researchers have recently discovered a coronavirus-themed, destructive malware that has a “coronavirus installer” in its description. It belongs to the Scarab ransomware family. It overwrites the user’s system master boot record (MBR), making it unbootable, then encrypts their files. Overwriting the MBR causes lots of trouble, since the victim’s PC will no longer load its OS. Instead of the OS, the ransomware displays its Cov19 ransom message.
What Does Cov19 Ransomware Do?
It stealthily infiltrates a system, infects it with its malware code, and encrypts various data, leaving a message with ransom demands for decryption. While encrypting the files and data, it renames them in this particular pattern: a random character string followed by the “.cov19” extension. For example, it will retitle a file like “xyz.doc” into “7QucYQjs1w48jA.cov19” after the encryption.
When the Cov19 ransomware executes, it automatically restarts the PC, and then the screen displays a virus-themed window that you cannot close and that blocks the system. It also creates a concealed folder named “Cov19,” which holds several secondary modules.
If you try to restart the system manually, you will automatically execute another binary file, and the screen will display the message “created by angel castillo. Your computer has been trashed.”
The Cov19 ransomware has other strains, such as .HTA and ransomware-gvz. These also try to encrypt the victim’s files and overwrite the contents of the drive’s master boot record (MBR).
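The two file-system artefacts described above (the random-stem “.cov19” files and the hidden “Cov19” folder) are easy to sweep for before you start any cleanup. The script below is an added example written for this article, not code from the article’s author or from any security vendor. It is read-only, reports what it finds, and assumes you point $Roots at the drives you want checked (by default the system drive; if the MBR has been overwritten and the machine will not boot, attach the disk to a clean machine and pass its drive letter instead). The stem pattern (eight or more alphanumeric characters) is an assumption based on the example name “7QucYQjs1w48jA.cov19” and may need loosening for other samples.

```powershell
# Added example (not from the original article): read-only sweep for the
# artefacts the article describes. Run with read access to the volumes you
# want to check; $Roots and $Report are assumed defaults, adjust as needed.
param(
    [string[]] $Roots  = @("$env:SystemDrive\"),
    [string]   $Report = "$env:TEMP\cov19-sweep.csv"
)

# Renamed files: random alphanumeric stem plus the ".cov19" extension,
# as in 7QucYQjs1w48jA.cov19 (stem length is an assumption).
$stemPattern = '^[A-Za-z0-9]{8,}$'

$encrypted = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -Filter '*.cov19' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Kind     = 'EncryptedFile'
                Path     = $_.FullName
                Detail   = if ($_.BaseName -match $stemPattern) { 'random stem, matches article pattern' } else { 'unexpected stem' }
                Modified = $_.LastWriteTime
            }
        }
}

# Hidden folder named "Cov19" that holds the secondary modules.
$folders = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -ieq 'Cov19' -and
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
        } |
        ForEach-Object {
            $members = (Get-ChildItem -LiteralPath $_.FullName -Force -ErrorAction SilentlyContinue).Name -join '; '
            [pscustomobject]@{
                Kind     = 'HiddenFolder'
                Path     = $_.FullName
                Detail   = "hidden directory named Cov19; contents: $members"
                Modified = $_.LastWriteTime
            }
        }
}

$findings = @($encrypted) + @($folders)

if ($findings.Count -eq 0) {
    Write-Host "No .cov19 files or hidden Cov19 folders found under: $($Roots -join ', ')"
} else {
    # Earliest modification time gives a rough start of the encryption run.
    $first = ($findings | Sort-Object Modified | Select-Object -First 1).Modified
    Write-Host "$($findings.Count) finding(s); earliest timestamp $first"
    $findings | Sort-Object Modified | Format-Table Kind, Modified, Path -AutoSize
    $findings | Export-Csv -LiteralPath $Report -NoTypeInformation
    Write-Host "Report written to $Report"
}
```

Save it as a .ps1 and run it from an elevated PowerShell (or from the Command Prompt in Safe Mode with `powershell -ExecutionPolicy Bypass -File .\sweep.ps1`). Nothing is deleted or modified; the CSV is meant to be kept as a record of what was encrypted and when, which helps later with restoring from backup and with working out which user account was active when the encryption ran.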
Method of Cov19 Ransomware Propagation
The Cov19 ransomware spreads through fake torrent websites, infected online files, documents, links, spam email and file attachments. Some of these avenues pretend to be from the WHO or other legitimate organizations talking about safety measures against the coronavirus.
The first noted website, wisecleaner.com, pretends to be a legitimate Windows software tool. Users are tricked into downloading a WSHSetup.exe file, which turns out to be the payload of the Cov19 ransomware. Upon executing the file, it downloads various other malware files from the hackers’ remote server.
How to Remove Cov19 Ransomware
You can remove the Cov19 ransomware in two ways:
- Manually from your PC, or
- Automatically using an anti-malware tool
A reputable anti-malware tool can remove the Cov19 ransomware. You can use a built-in anti-malware such as Windows Defender on Windows 10/11 and above, or download a trusted third-party anti-malware tool such as SpyHunter or Malwarebytes, among others. You then conduct a deep scan by following the instructions provided by the tool.
We recommend the manual method only for advanced computer users, because the process can be lengthy and complicated.
Follow these steps if you want to remove Cov19 ransomware:
- Reboot your PC into “Safe Mode with Command Prompt.” End malicious processes from “Task Manager.”
- Disable auto-startup apps.
- Remove unwanted programs from the scheduled tasks.
- Delete temp data and prefetch.
- Delete all associated “Registry Entries” created by the Cov19 ransomware.
- Delete the infected folder or files.
- Conduct a deep scan for your PC to completely remove the file.
- If the malware persists, conduct a System Restore.
- Boot back into normal mode.
- If you have an anti-malware tool, run the application to scan the PC of any remaining traces of the Cov19 malware.
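Steps two, three and five of the manual procedure (auto-startup apps, scheduled tasks, registry entries) are the places where ransomware usually keeps itself running across reboots. Before deleting anything it is worth listing what is actually there and flagging the entries that reference the names this article mentions. The script below is an added example written for this article, not code from the article’s author or from any vendor; it only reads and reports. The indicator list (“Cov19”, “WSHSetup”, the “.cov19” extension) is taken from the article and is an assumption about what the entries will look like; the Run-key and Startup-folder paths are the standard Windows ones.

```powershell
# Added example (not from the original article): read-only inventory of the
# autostart locations that the manual removal steps refer to. Indicators are
# regex fragments built from the names in the article (an assumption).
$indicators = @('Cov19', 'WSHSetup', '\.cov19\b')
$pattern    = $indicators -join '|'
$report     = "$env:TEMP\cov19-autostart.csv"   # assumed output path

$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Value)
    $findings.Add([pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Value      = $Value
        Suspicious = [bool](($Name -match $pattern) -or ($Value -match $pattern))
    })
}

# 1. Run / RunOnce registry keys for the machine and the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        Add-Finding -Source $key -Name $p.Name -Value ([string]$p.Value)
    }
}

# 2. Scheduled tasks: one line per action so the executable and arguments are visible.
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = ("$($action.Execute) $($action.Arguments)").Trim()
        if ($cmd) { Add-Finding -Source "Task $($task.TaskPath)" -Name $task.TaskName -Value $cmd }
    }
}

# 3. Startup folders for the current user and all users.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
)
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Add-Finding -Source $dir -Name $_.Name -Value $_.FullName
    }
}

# Suspicious entries first, then everything else so nothing is hidden from review.
$findings | Sort-Object Suspicious -Descending | Format-Table Suspicious, Source, Name, Value -AutoSize
$findings | Export-Csv -LiteralPath $report -NoTypeInformation
$flagged = @($findings | Where-Object { $_.Suspicious }).Count
Write-Host "$($findings.Count) autostart entries inventoried, $flagged flagged; full list in $report"
```

Run it from an elevated PowerShell, or from the Command Prompt in Safe Mode with `powershell -ExecutionPolicy Bypass -File .\autostart.ps1`. Entries that are not flagged still deserve a glance, because a sample may use a different name than the one described here; the flagged ones are the candidates for the delete steps in the procedure above, after you have confirmed what each executable is.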
Protect Yourself from Cov19 Ransomware
Most ransomware attacks are linked to poor PC protection practices. Here are a few dos and don’ts that you can follow to protect yourself from Cov19 ransomware:
- Avoid questionable sites and scrutinize those that give safety measures about the COVID-19 virus before clicking on them or the links.
- Do not fall for clickbait and web ads, particularly about the coronavirus.
- Do not open suspicious and/or irrelevant emails, particularly links or attachments in those emails and in any that purport to advise you about COVID-19.
- Only download files and programs from official, verified websites or channels.
- Avoid illegal activation tools and third-party updates because they proliferate malicious programs. Use only tools from legitimate developers.
- To protect device and user safety, use reputable anti-virus or anti-malware programs, and ensure they are always active and kept up to date.
- Always use a trustworthy VPN when accessing public Wi-Fi.