
Users Making Payment against Coverton Ransomware will Likely Never Retrieve Their Data

Cyber-criminals recently released a new ransomware strain known as Coverton, which uses AES+RSA encryption to lock users' data files and demands 1 Bitcoin each as ransom for the decryption code. A close examination of the malware shows no inherent flaw that users could exploit to decrypt their files without paying the ransom, implying that it is cryptographically sound. Consequently, a few victims gave in and paid the ransom. However, the victims found that the decryptor they received did not work properly.

Users infected with Coverton should therefore reconsider whether to pay the ransom, since the money could go to waste. Coverton targets an enormous number of separate file types, around 950, the most observed in any ransomware campaign for some time. When files are encrypted, the ransomware appends an extension such as .czvxce, .enigma or .coverton to each encrypted filename.
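For responders scoping an infection, the appended extensions listed above are enough to inventory affected folders. The following Python sketch is an added example, not code from the article or its sources; the function names are hypothetical, the sample tree is constructed, and it assumes the extension is appended after the file's original name and extension.

```python
import os
import tempfile
from collections import defaultdict

# Extensions the article says Coverton appends to encrypted files.
COVERTON_EXTS = (".czvxce", ".enigma", ".coverton")


def inventory(root):
    """Return {folder: {"files": [(name, original_name)], "bytes": int}}."""
    hits = defaultdict(lambda: {"files": [], "bytes": 0})
    for folder, _dirs, names in os.walk(root):
        for name in names:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in COVERTON_EXTS:
                continue
            path = os.path.join(folder, name)
            # Assumption: stem is the pre-encryption name, e.g. report.docx
            hits[folder]["files"].append((name, stem))
            hits[folder]["bytes"] += os.path.getsize(path)
    return dict(hits)


def summarize(hits):
    """Total affected files and aggregate size in bytes across all folders."""
    count = sum(len(v["files"]) for v in hits.values())
    total = sum(v["bytes"] for v in hits.values())
    return count, total


def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "docs/report.docx.coverton": b"x" * 100,
        "docs/notes.txt": b"clean",
        "pics/a.jpg.ENIGMA": b"y" * 40,
        "pics/b.png.czvxce": b"z" * 10,
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(inventory(tmp)))
```

The per-folder listing of original names gives a restore list to check against backups.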

Typically, the attackers leave their ransom note, in text and HTML formats, inside every folder whose files Coverton encrypted. The note gives instructions on how and where the ransom must be paid. To retrieve their data, victims must deposit 1 Bitcoin (USD400) for each batch of decrypted data. Coverton also deletes shadow volume copies to prevent end-users from recovering previous versions of their files already on the hard drive. Softpedia.com posted this on March 28, 2016.

Finally, the ransomware transmits details to its remote C&C system, including the time the ransomware started; the start and end times of the encryption stage; the total number of files locked; the aggregate size of the encrypted files; and other details. The TOR payment website subsequently uses the transmitted details to display statistics.

Coverton's TOR payment website is named Coverton Decryptor. There the victim finds all the details described above along with a unique address to which the 1-Bitcoin payment must be sent.

Logically, if Coverton's operators do not get the decryption procedure right, losses would be cut for the majority of end-users, as they could forgo paying the ransom once they realize that their files can never be recovered.

» SPAMfighter News - 4/1/2016
