
ComputerDestroyer Ransomware

Posted: April 17, 2020

The ComputerDestroyer Ransomware is a screen-locking Trojan that imitates the visual features of a file-locking one, such as claiming that it has encrypted media. This threat blocks access to the Windows interface through pop-ups and Registry setting changes. Users should reboot through appropriately secure methods, such as loading an OS from a removable USB drive, and let their anti-malware products eliminate the ComputerDestroyer Ransomware safely.

A Shallow Form of Destruction for Your Windows Accessibility

Blocking media with encryption is far from difficult; in fact, even Black Hat programmers with negligible experience can throw together a file-locker Trojan in minutes, by using free code from the Web. However, some threat actors prefer an even lazier route of making bluffs, which, for some victims, can be just as functional a means of extortion as the real thing. The ComputerDestroyer Ransomware joins threats like the Ocelot Locker Ransomware and the WinBan Ransomware as pretenders using misinformation for money-making.

The ComputerDestroyer Ransomware targets Windows systems and implements a series of Registry-based changes for turning off crucial UI elements, such as the Start Menu's 'Shut Down' option. However, these functions are secondary to the ComputerDestroyer Ransomware's main symptoms, which load multiple pop-up windows for blocking the interface, as well as hijacking the desktop. One of the ComputerDestroyer Ransomware's alerts also shares the fad of theming itself after the Coronavirus (AKA COVID-19), much like the CoronaVirus Ransomware, the SARS-CoV-2 Ransomware, et al.

Beyond these aspects, malware experts can narrow down the ComputerDestroyer Ransomware's motives to the typical ones of extorting money by threatening victims with encrypted files. While the Trojan doesn't lock or encrypt content, such a feature could be forthcoming in a future release. The victim has access to multiple e-mail addresses for negotiating, as well as a 'decrypt' field with 'vb' as the hard-coded password.

Destroying All Hopes of Ransoms for Crooks

If the ComputerDestroyer Ransomware receives file-locking upgrades, users may have few options for recovering without an appropriate backup on another device. Most file-locking Trojans, if not all of them, will delete Restore Points and similar failsafe data on any available drives. Additionally, there are few technical obstacles to implementing an effectively unbreakable form of data encryption, even if the threat actor has little experience.

Assuming that the ComputerDestroyer Ransomware remains no more harmful than it is in current samples, users may regain UI access by repairing the Registry either manually or with appropriate Windows recovery utilities. They can also reboot through emergency recovery procedures, such as booting from removable media.
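As an added example (not code from the original analysis), the following report-only PowerShell audit shows what checking the Registry for UI restrictions can look like. The page does not list the exact values the Trojan changes, so the value names below are an assumption: they are well-known Windows policy settings that hide or disable interface elements, including the 'Shut Down' option.

```powershell
# Added example: report-only audit of policy values that disable Windows UI elements.
# Assumption: this list holds well-known Windows policy values; it is NOT taken
# from an analysis of the ComputerDestroyer Ransomware itself.
$explorer = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

$checks = @(
    [pscustomobject]@{ Key = $explorer; Name = 'NoClose';              Effect = "Removes 'Shut Down' from the Start Menu" }
    [pscustomobject]@{ Key = $explorer; Name = 'NoRun';                Effect = 'Removes the Run dialog' }
    [pscustomobject]@{ Key = $explorer; Name = 'NoDesktop';            Effect = 'Hides desktop icons' }
    [pscustomobject]@{ Key = $explorer; Name = 'NoWinKeys';            Effect = 'Disables Windows-key shortcuts' }
    [pscustomobject]@{ Key = $system;   Name = 'DisableTaskMgr';       Effect = 'Blocks Task Manager' }
    [pscustomobject]@{ Key = $system;   Name = 'DisableRegistryTools'; Effect = 'Blocks Registry editing tools' }
)

# Check both the per-user and the machine-wide policy locations.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $path = "$hive\$($c.Key)"
        # A missing key or value is the normal, unrestricted state, so errors are ignored.
        $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($c.Name) -ne 0) {
            [pscustomobject]@{
                Path   = $path
                Name   = $c.Name
                Value  = $item.($c.Name)
                Effect = $c.Effect
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    # Review each hit before changing anything: managed machines may set these
    # values through legitimate Group Policy. An unwanted entry can be undone with:
    #   Remove-ItemProperty -Path <Path> -Name <Name>
} else {
    'None of the listed restrictive policy values are set.'
}
```

The script only reads the Registry; run it after the Trojan's pop-ups are no longer active, for example once an anti-malware scan has removed it.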

Malware experts are seeing some versions of the ComputerDestroyer Ransomware faking the name of a 'wifi hacker' utility. Software pirates are at a routine risk of infecting their computers, since illegal file-sharing websites and torrents are heavily favored Trojan propagation methods.

Reliable, up-to-date anti-malware products for Windows environments should, however, flag and delete the ComputerDestroyer Ransomware in most cases.

Trojans making bold claims that they can't back up aren't anything new to the threat landscape. Users believing warnings from programs like the ComputerDestroyer Ransomware are doing themselves a disservice, and should always view extortion-related communications with critical eyes.
