
SARS-CoV-2 Ransomware

Posted: April 16, 2020

The SARS-CoV-2 Ransomware is a file-locking Trojan that can prevent documents, pictures, and other media throughout your computer from opening. The encryption that it uses for doing so may or may not be reversible through a decryption tool, and users should restore from their backups whenever possible. Anti-malware products also may remove the SARS-CoV-2 Ransomware as a threat or prevent infections completely.

A Disease Crossing Borders with a Few Hiccups

A file-locking Trojan not connected to the usual Ransomware-as-a-Service families presents another danger for users who aren't backing their files up to other devices as a matter of habit. The SARS-CoV-2 Ransomware is part of a wave of Coronavirus-themed threats, very similar to the CoronaVirus Ransomware and the CovidLock Ransomware, although it's not an immediate relative of either. In SARS-CoV-2 Ransomware's case, the theme is only skin-deep, but the attacks are data-incisive.

The SARS-CoV-2 Ransomware uses encryption with algorithms malware researchers haven't identified, although AES is the archetypal choice. This encryption feature blocks any media files that the SARS-CoV-2 Ransomware detects during its hard drive sweep, including Word documents, BMP or JPG pictures, or compressed archives like ZIPs. Separately from the 'locking' feature, it also adds the string from its name to filenames as an extension, which is purely cosmetic.

The SARS-CoV-2 Ransomware's text message is where it starts showing differences from other Trojans of similar aims like Hidden Tear, the Dharma Ransomware, or the STOP Ransomware. Although the note uses English, the phrasing is significantly off and, in one case, is even technical gibberish (referencing a so-called 'ballistic algorithm'). The message is probably the output of an automatic translation tool, showing that the threat actors are very likely to be non-native speakers from virtually anywhere in the world.

Squashing a File Pandemic before It Gets Too Far

The SARS-CoV-2 Ransomware is an amateur-level production that compares poorly to more streamlined and business-like approaches, such as most of the Ransomware-as-a-Service (RaaS) sector. Despite its failings, it can harm dozens or hundreds of files relatively easily after infecting any vulnerable Windows system. For now, no victims are paying the ransom it asks for, but malware researchers can confirm its propagation in the wild.

The SARS-CoV-2 Ransomware's extortion attempt is of little to no concern for users who have backups to recover from. Preventing infections should also be possible by simple means like using strong passwords for server logins, disabling Remote Desktop features, installing software updates, and avoiding questionable download links like illicit torrents. Most file-locking Trojans gain victims through 'lowest hanging fruit' tactics that are readily preventable.

Trustworthy anti-malware programs with Windows compatibility should delete the SARS-CoV-2 Ransomware before the encryption attack loads. Uninstallation in disinfection scenarios should also use similar solutions, due to the danger of the SARS-CoV-2 Ransomware being bundled with other threats.

The SARS-CoV-2 Ransomware is a disease with a readily-available cure, but few users are making use of it. Much like real-world Coronavirus victims who spread the problem by their unwise actions, the SARS-CoV-2 Ransomware is a burden, mostly, for those who aren't taking care of themselves or their files.
