
Covm Ransomware

Posted: May 22, 2020

The Covm Ransomware is a file-locking Trojan from the Ransomware-as-a-Service family known as the STOP Ransomware or Djvu Ransomware. While its identifying characteristic is stopping files from opening and demanding a ransom for them, it also may include side effects like blocking websites and wiping backups. Professional anti-malware tools will ordinarily delete the Covm Ransomware automatically, and offsite backups can provide an always-reliable file recovery.

The Service that Never 'STOPS' Giving

While Ransomware-as-a-Service activity may rise and fall with the cryptocurrency market, it still is a reasonably dependable moneymaker for criminals in 2020. One of the largest families to date, the STOP Ransomware, is nowhere near an evident conclusion. Threat actors continue hiring the Trojan in barely customized variants, like the Covm Ransomware, that they deploy in the time and place of their choosing.

Early versions of this family, such as the Rumba Ransomware, the Promock Ransomware, or the STOP-roland Ransomware, have no coherent naming theme. However, by the time of the Covm Ransomware, the Sqpc Ransomware, and similar variants, the Trojans use names consisting of four randomly-generated characters. The Covm Ransomware, like some of its relatives, also disguises its filename as that of a temporary (TMP) file, as part of avoiding any visibility during its installation and setup.

The Covm Ransomware's defining threat is encryption, which blocks files of formats like PDF or DOC documents, JPG or GIF pictures, and other media. This feature may retrieve the encryption key from a Command & Control server, but the Covm Ransomware also can implement an offline equivalent for unreliable connectivity scenarios. Users always can identify the non-opening files by looking for the secondary extension that the STOP Ransomware variant appends, as in the Covm Ransomware's 'picture.jpg.covm'.

There's More than Extortion in this Trojan's Family

The unlocker or decryptor that the Covm Ransomware sells is, from the point of view of the attacker, the second most crucial function of the Trojan. From the victim's standpoint, however, the Covm Ransomware includes more concerning issues that can endanger most Windows systems from different angles. It may block websites by making Hosts file changes, erase data associated with the Restore Points, and generate fake Windows update progress bars. Some versions of the Covm Ransomware's family also include other threats, such as spyware.

Users should invest in backup safeguards that a local program can't delete without their consent, such as cloud services. They also should be careful around the infection vectors that are highly notable for circulating the STOP Ransomware Trojans, including software piracy-themed torrents and fake updates on compromised websites. Safe Web-browsing habits and strong passwords will protect nearly all potential victims from the Covm Ransomware campaign.

In the event of these protections failing, users always have the option of containing or removing the Covm Ransomware through appropriate anti-malware products. The STOP Ransomware family has no substantial defenses against such programs.

The all-too-familiar story of another STOP Ransomware attack is something that only stops when victims stop paying the ransom. The Covm Ransomware owes its existence to users not protecting themselves until it's too late, whether their precious files are on a smartphone or a desktop computer.
