
CoronaCrypt Ransomware

Posted: July 6, 2020

The CoronaCrypt Ransomware is a file-locking Trojan that encrypts digital media like documents and holds them hostage. As with most Trojans of this category, it monetizes attacks by demanding ransoms from victims before unlocking their files. Users can recover with either free decryption tools or unaffected backups but should let their anti-malware services remove the CoronaCrypt Ransomware first.

A Pox Upon Your Computer's Media

Joining the slowly-lengthening line of COVID-19-themed threats like CoronaLocker, the CoronaVirus Ransomware, or the CovidWorldCry Ransomware, the CoronaCrypt Ransomware's campaign is a recent addition to the thematic group. Although it's not a close relative of any of the above, it does show similarities to previous Trojans elsewhere. Its attacks also aren't part of a verifiable Ransomware-as-a-Service. It may have some weaknesses in its payload that make recovering easier than expected, but most victims shouldn't bank on the possibility.

While some vendors estimate that the CoronaCrypt Ransomware is a variant of the Jigsaw Ransomware, malware experts speculate that it's closer to the SpartCrypt Ransomware, from the Hidden Tear 'open-source' family. It doesn't use a digital signature or significant obfuscation and targets Windows PCs with a file-locking encryption routine. The attack blocks documents, images, and similar content before the Trojan creates pop-up and Notepad TXT ransom notes.

The CoronaCrypt Ransomware's ransom note uses an old version of a Dharma Ransomware HTA pop-up, which other families also share, such as the Globe Ransomware. Although threat actors insist on receiving Bitcoin payments for unlocking or decrypting files, the success rates on paid recoveries are questionable. Malware experts discourage this recovery option for most users. Most file-locking Trojans will also delete the Shadow Volume Copies, which renders the Restore Points unusable. Whether the CoronaCrypt Ransomware does so isn't currently definitive, which leaves an additional restoration route open to victims.

Escaping the Spreading Disease of Copied Trojans

As a possibly modified version of the Hidden Tear project, the CoronaCrypt Ransomware might be compatible with free decryption tools. Victims testing such software for recovery of their media should create copies of their files first. Even more helpfully, anyone with a backup on another device should find recovering from the CoronaCrypt Ransomware infections an easy and painless experience.

Malware researchers are finding some versions of the CoronaCrypt Ransomware that pretend that they're versions of the Chrome Web browser. This choice could be a disguise for hiding while the Trojan implements its encryption but may relate to the infection vector. Users should avoid updating their browsers without checking the authenticity of the sources and should stay away from possible COVID-19 tactics, such as fake tracker applications.
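The two traits noted above, a Chrome disguise and the lack of a digital signature, can be turned into a quick triage check. The PowerShell below is an added example, not part of the original article or any vendor's tooling. It assumes the disguise is visible in the file name or version metadata and that genuine Chrome builds carry a valid Authenticode signature naming Google LLC. The scanned folders are also assumptions.

```powershell
# Added example: list executables that present themselves as Chrome but are
# not validly signed by the expected publisher. A hit is a lead for review
# (helper tools with "chrome" in the name will also appear), not a verdict.
param(
    # Assumed default locations where a downloaded fake updater might land.
    [string[]]$Path = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP)
)

$expectedSigner = 'Google LLC'   # assumption: publisher on genuine Chrome builds

$findings = foreach ($root in $Path) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Does the file claim to be Chrome by name or by version metadata?
            $claimsChrome = ($_.Name -match 'chrome') -or
                            ($vi.ProductName -match 'chrome') -or
                            ($vi.FileDescription -match 'chrome')
            if (-not $claimsChrome) { return }   # skip to the next file

            # Unsigned files report Status 'NotSigned' and have no signer certificate.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            $trusted = ($sig.Status -eq 'Valid') -and
                       ($signer -match [regex]::Escape($expectedSigner))

            if (-not $trusted) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Product   = $vi.ProductName
                    SigStatus = $sig.Status
                    Signer    = $signer
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

if ($findings) { $findings | Format-List } else { 'No unsigned Chrome look-alikes found.' }
```

Files it reports should be left unopened and submitted to the installed anti-malware product for scanning.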

A majority of vendors can identify this threat, and appropriate Windows anti-malware products should remove the CoronaCrypt Ransomware safely without requiring any extra help from the user.

The overarching theme of 2020 is more than a global pandemic; it's also global file-locking attacks. All PC users who would consider paying for their files have a responsibility to keep the CoronaCrypt Ransomware from making money off of them by any means possible.
