Users Making Payment against Coverton Ransomware will Likely Never Retrieve Their Data

Quite recently, cyber-criminals released one fresh ransomware known as Coverton which executes AES+RSA encryption for locking users' data-files and asks for 1 Bitcoin each as ransom amount for the decryption code. A close examination of the malware shows there's no inherent flaw in the ransomware which if exploited could let users to perform the decryption without paying the ransom implying that it's cryptographically sound. Consequently, a few victims acquiesced with submitting the ransom. However, the decryptor received didn't work properly, the victims realized.

Thus, users getting contaminated with Coverton require considering again whether they should pay the ransom since the money could go waste. Coverton targets an enormous number of separate file types counting around 950, the maximum observed hitherto in any ransomware campaign during some time now. When the files are infected, the ransomware attaches extensions such as .czvxce, .enigma or .coverton to each encrypted filename.

Typically, hackers leave their ransom notice crafted within text/HTML formats inside all the folders whose files Coverton encrypted. The notice gives the instructions regarding the manner and place the ransom must be paid. For retrieving their data, victims must deposit 1 Bitcoin (USD400) for each bunch of decrypted data. Coverton as well erases shadow volume replicas for deterring the end-users from retrieving their files' previous editions already on the hard drive. Softpedia.com posted this, March 28, 2016.

Eventually, the ransomware transmits details including the time of starting the ransomware; the time of beginning and ending of the encryption stage; the total number of files locked; the encrypted files' aggregate magnitude; as well as other details to its remote CnC system. The transmitted details would subsequently be utilized when the payment website TOR would exhibit statistics.

Coverton's TOR payment website is named Coverton Decryptor. Here the victim would find all the details as described above along with his own distinct address which he must utilize for dispatching the 1-Bitcoin payment.

Logically, incase Coverton's operators do not get the right procedure for decryption, then for the majority of end-users, losses would be cut, as they could forgo making the ransom payment because they realized that their files couldn't ever be recovered.

» SPAMfighter News - 4/1/2016