ComputerDestroyer Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 16,290 |
| Threat Level: | 100 % (High) |
| Infected Computers: | 608 |
| First Seen: | January 19, 2011 |
| Last Seen: | June 26, 2023 |
| OS(es) Affected: | Windows |
Although its name doesn't hint, the ComputerDestroyer Ransomware is another COVID-19-themed threat. The ComputerDestroyer Ransomware's goal is to lock its victims' screen and files. Computer users that visit torrent websites, open corrupted advertisements, and email attachments from unknown sources can be infected by the ComputerDestroyer Ransomware unknowingly.
Table of Contents
What Does ComputerDestroyer Do?
ComputerDestroyer is programmed to display two pop-up windows. One of these windows contains a message that the computer has been infected with the coronavirus and appears before users log in. The other window says that the machine has been locked, and users can’t access their data without a decryption key.
The primary goal of ComputerDestroyer is to prevent victims from accessing data. It does this by locking the screen and demanding they purchase a decryption key from the developers, who they can contact through one of the email addresses provided. It’s unknown if paying the ransom actually leads to files being decrypted or not. Researchers recommend against paying off the attackers. It’s all too common for cybercriminals to scam their victims instead of giving them the promised decryption key. The most effective way to get your files back would be to restore them from a backup.
Does the ComputerDestroyer Ransomware Encrypt the Victims’Files?
Once installed on the infected machine, the ComputerDestroyer Ransomware will start its harmful tasks. Malware researches are not aware, yet, if the ComputerDestroyer Ransomware encrypts the victim's files. What they know is that its victims will have a useless machine, until they find a way to reverse the ComputerDestroyer Ransomware actions. To warn the victims about why their computers are inoperative, the criminals display a pop-up saying:
'All your files has been encrypted by corona virus.
No one can recover your files without my decryption code.
computerdestroyer0108@gmail.com.
Code to Decrypt'
These computer locking viruses are designed to prevent users from logging in and accessing files. The aim is to extort the victims into paying a ransom. Screen lockers don’t use the same kind of encryption methods as ransomware, however. This kind of malware is considered to be non-encrypting.
How Does ComputerDestroyer Infect Computers?
There is no specific method of infection for ComputerDestroyer. It spreads through malicious file downloads, spam email campaigns, illegal downloads, fake software updates, and cracking tools. Trojans help spread other viruses and ransomware as well.
Threat actors send out a large number of spam emails in what is known as a “spray and pray” campaign. The hope is that even a handful of people will open the email and download the attachment that places the virus on the computer. Ransomware spreads through peer-to-peer file sharing, file hosting websites, freeware downloads, unofficial websites, and third-party downloaders. These downloads look harmless and legitimate. When executed, however, they install malware on the computer.
Avoid computer virus infections by following best practices when online; don’t download anything attached to a suspicious or unsolicited email or files from other dubious sources. Don’t forget to keep software updated and have regular backups of your data.
How to Protect Against Malware Infections
Understanding how malware spreads is the first step to understanding how to prevent infections. You should never open any links from suspicious and unsolicited emails. Take note of who the email comes from and, if it claims to be from a legitimate source, check for any obvious mistakes such as grammar and spelling mistakes.
Having to update your software regularly can feel like a drag, but it is worth taking your time to do it. Make sure that any updates you install come from official channels and trusted third-party mirror sites. Malicious third-party updaters may infect computers with malware such as the ComputerDestroyer screen locker virus.
In a similar vein, avoid using third-party illegal activation tools for products. Not only is pirating software and activating it illegal, but it also opens the door for malware. Many activation tools just infect computers rather than activating the software as promised. Purchasing software legitimately is the only way to ensure that you don’t get your computer infected.
Make sure to scan and update the operating system on your computer regularly. Many malware programs are made possible thanks to flaws in operating systems. These flaws and vulnerabilities are quickly patched out, but it’s only by updating your computer you can get access to that patch.
SpyHunter Detects & Remove ComputerDestroyer Ransomware
Directories
ComputerDestroyer Ransomware may create the following directory or directories:
| %homedrive%\wh |
