
Ncovid Ransomware

Cybercriminals have released Ncovid Ransomware, a new variant based on the previously detected RIP lmao Ransomware. Upon infecting a computer, the threat initiates an encryption routine that uses a strong cryptographic algorithm. As a result, files stored on the compromised device are rendered both inaccessible and unusable. Encrypted files usually cannot be restored without the decryption key held by the hackers, unless a bug or weakness is discovered in the underlying code of the threat. Currently, there are no decryptors for the Ncovid Ransomware.

The threat marks every affected file by appending '.ncovid' to its original name as a new extension. Upon completion of the encryption process, the Ncovid Ransomware drops its ransom note with instructions for the victim. The threat is programmed to create a pop-up window and text files named '___RECOVER__FILES__.ncovid.txt'.

The messages delivered through the two channels differ. The pop-up window's message is extremely brief and lacks essential details. It only tells users that their files have been encrypted and that they now have the option to reinstall the system. The proper ransom note is contained inside the text files. It clarifies that the hackers demand a ransom of exactly 1 Bitcoin. This is a massive sum for most individuals, as the current exchange rate of the cryptocurrency stands at approximately $52,000 for 1 BTC (Bitcoin). The money should be sent to the provided crypto-wallet address, after which the victims are expected to initiate contact by sending a message to the '' email address. The text file also contains a list of every file encrypted by Ncovid Ransomware.

The full text of the note delivered through the text files is:

'All of your files have been encrypted.

To unlock them, please send 1 bitcoin(s) to BTC address: 4HD74J5gd6G6f6jj49786

Afterwards, please email your transaction ID to:

Thank you and have a nice day!'

The pop-up window carries the following message:

'Your files have been encrypted

Coronavirus ransomware

Your files have been encrypted by special algorithm. The only option is to reinstall the system. have a nice day.'
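For incident scoping, the two on-disk indicators described above (the appended '.ncovid' extension and the '___RECOVER__FILES__.ncovid.txt' note) can be inventoried with a short script. This is an added example, not part of the original write-up; the function names, the report layout and the sample tree are assumptions made for illustration, and the file modification times are used only as an approximation of when the encryption ran.

```python
import os
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up above.
ENCRYPTED_SUFFIX = ".ncovid"
NOTE_NAME = "___RECOVER__FILES__.ncovid.txt"

def triage(root):
    """Walk root and summarise Ncovid artefacts (hypothetical report layout)."""
    notes, encrypted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered == NOTE_NAME.lower():
                notes.append(path)  # ransom note, not a victim file
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(path)
    # Original name = current name minus the appended extension.
    originals = [p.with_name(p.name[:-len(ENCRYPTED_SUFFIX)]) for p in encrypted]
    mtimes = [p.stat().st_mtime for p in encrypted]
    return {
        "notes": sorted(notes),
        "encrypted": sorted(encrypted),
        "originals": sorted(originals),
        # Which file types were hit, keyed by the original extension.
        "by_type": Counter(o.suffix.lower() or "<none>" for o in originals),
        # The mtime range approximates the encryption window.
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }

def build_sample_tree(root):
    """Constructed sample data: two marked files, one note, one clean file."""
    root = Path(root)
    (root / "docs").mkdir()
    for rel, mtime in [("docs/report.docx.ncovid", 1000), ("photo.JPG.ncovid", 1060)]:
        (root / rel).write_bytes(b"\x00")
        os.utime(root / rel, (mtime, mtime))
    (root / NOTE_NAME).write_text("constructed placeholder note")
    (root / "untouched.txt").write_text("clean")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        report = triage(d)
        print(len(report["encrypted"]), "encrypted;", len(report["notes"]), "note(s)")
        print(dict(report["by_type"]), report["window"])
```

Comparing the "originals" list against the most recent backup catalogue shows which files need restoring, since no decryptor is available.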

