Ada Covid Ransomware Description
Many cybercriminals are attempting to use the COVID-19 pandemic plaguing the globe to generate revenue. The creators of the Ada Covid Ransomware are no exception. Recently, malware researchers have noticed a great increase in the number of online cons, nasty malware threats, and other fraudulent schemes that try to use the Coronavirus outbreak to trick users.
Propagation and Encryption
It is not disclosed what is the infection vector used in the propagation of the Ada Covid Ransomware. It is likely that the perpetrators are using a combination of distribution methods that include malvertising, torrent trackers, dodgy activations tools, bogus application downloads and updates, spam emails containing corrupted macro-laced attachments, etc. Once the Ada Covid Ransomware manages to infiltrate your computer, it will begin its encryption process. After applying a secure encryption algorithm, the Ada Covid Ransomware will have all your data locked. This means that all of your images, documents, audio files, videos, spreadsheets, databases, archives, presentations, etc. will no longer be usable. Most ransomware threats are programmed to target as many filetypes as possible. The more files the data-locking Trojan encrypts, the more likely it is for the victim to consider paying the ransom fee demanded by the attackers. The Ada Covid Ransomware adds a '.pdf.pdf' extension to the names of all the affected files. For example, if you had named a file 'blossoming-tree.mp3,' the Ada Covid Ransomware will rename it to 'blossoming-tree.mp3.pdf.pdf.'
The Ransom Note
Next, the Ada Covid Ransomware will drop a ransom note on the user's system. The name of the note is 'Name of your explain.txt.' The message of the attackers is very brief. They inform users that their data has been encrypted. The authors of the Ada Covid Ransomware demand to be contacted via WhatsApp and provide a phone number for this purpose – '+441904501029.' Interestingly enough, malware researchers state that the creators of the Ada Covid Ransomware have distributed another data-locking Trojan previously, as the same phone number is used in campaign propagating the Gesd Ransomware.
It is advisable to avoid contacting cybercriminals. Even users who pay the fee demanded are likely never to receive what was promised to them – the decryption key they need to recover their files. This is why you should consider investing in a legitimate anti-virus software solution that will remove the Ada Covid Ransomware from your computer and protect you in the future.