SARS-CoV-2 Ransomware

By GoldSparrow in Ransomware

Anyone who keeps up with the news will recognize the name “SARS-CoV-2” as the official scientific name for the novel coronavirus. The name of this human virus is now also being used for a computer threat, the SARS-CoV-2 Ransomware. This file-encrypting ransomware prevents users from accessing important data, including documents, images, videos, and more. It encrypts data and adds the “.SARS-CoV-2” file extension to infected files. According to the ransom note, victims can only get their data back if they pay a ransom in cryptocurrency.

What does SARS-CoV-2 Ransomware Do?

The first thing the ransomware does after infecting a computer is search for documents and files to encrypt. SARS-CoV-2 ransomware encrypts these files when it finds them and adds the “.SARS-CoV-2” file extension to prevent users from accessing them.

SARS-CoV-2 then creates and displays a ransom note file called “RECOVER MY ENCRYPTED FILES.txt” on the desktop and in folders with infected files. This ransom note informs victims of how they can contact the people behind the attack and restore their data.

Propagation and Encryption

It is likely that the creators of the SARS-CoV-2 Ransomware are using various tricks to distribute this nasty threat. Many authors of ransomware utilize torrent trackers, unofficial activation tools for popular applications, bogus software updates and downloads, and corrupted advertisement campaigns. One of the tricks most commonly used by the creators of ransomware threats is fraudulent spam emails. The targeted user will receive an email that appears to come from a trustworthy source like a government body or a large organization. The dodgy email would either redirect the user to a corrupted file via a link or urge them to open a macro-laced attachment that would compromise their system once launched. The SARS-CoV-2 Ransomware is likely programmed to lock all files it comes across. If the SARS-CoV-2 Ransomware infects your computer, it may encrypt all the files present on your system – documents, spreadsheets, archives, databases, images, audio files, videos, etc. Once the encryption operation is completed, you will notice that the SARS-CoV-2 Ransomware has altered the names of your files by adding a ‘.SARS-CoV-2’ extension at the end of the filenames. For example, a file that you named ‘crimson-brick.jpg’ will be renamed to ‘crimson-brick.jpg.SARS-CoV-2.’

The Ransom Note

In the next phase of the attack, the SARS-CoV-2 Ransomware would drop its ransom note on the user’s system. The message of the attackers is contained in a file called ‘RECOVER MY ENCRYPTED FILES.TXT.’ The attackers demand to be paid $350 worth of Bitcoin. They provide their Bitcoin wallet address, as well as an email address where they can be contacted – ‘helpcov19@protonmail.com.’

The ransom note reads as follows:

RECOVER MY ENCRYPTED FILES.TXT:
SARS-CoV-2
All your files was encrypted with a strong Ballistic Algorithm.
And your files encrypted have the extension : SARS-CoV-2
Don’t worry, you can return all your files!
must follow these steps carefully to decrypt your data
1. Pay $ 350 worth of bitcoin to this wallet : 33TfaP7jyjUgGkXL9ifjnqssy9TyAWfV3a
2. To get this software you need write on our e-mail : helpcov19@protonmail.com
After all this, you get in your email the decryptor

Unfortunately, there is currently no way to undo the damage caused by SARS-CoV-2 without intervention from the hackers behind the attack. It could be possible in the future if cybersecurity experts can exploit a flaw in the virus, though. Users should never pay the ransom and should instead restore their data from a back-up. If you don’t have a back-up, then, at the very least, you can copy the encrypted files in the hopes of being able to decrypt them later.
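
A triage sketch for the recovery advice above, added here as an example and not taken from the original article or any vendor tool: it inventories files carrying the '.SARS-CoV-2' extension and the ransom note, then checks which original files exist in a backup. The function names and the backup layout (a mirror of the scanned tree) are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article; matching is case-insensitive because the
# article spells the note both as ".txt" and ".TXT".
ENCRYPTED_SUFFIX = ".sars-cov-2"
RANSOM_NOTE = "recover my encrypted files.txt"

def inventory(root):
    """Return (encrypted, notes): encrypted maps each locked file to its original path."""
    encrypted, notes = {}, []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted[path] = path.with_name(name[: -len(ENCRYPTED_SUFFIX)])
    return encrypted, notes

def restore_plan(encrypted, root, backup_root):
    """Assumes backup_root mirrors root; split originals into backed-up and missing."""
    have, missing = [], []
    for original in sorted(encrypted.values()):
        rel = original.relative_to(root)
        (have if (Path(backup_root) / rel).is_file() else missing).append(rel)
    return have, missing

def demo():
    """Build a constructed sample tree (not real victim data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp) / "home", Path(tmp) / "backup"
        (root / "pics").mkdir(parents=True)
        (backup / "pics").mkdir(parents=True)
        (root / "pics" / "crimson-brick.jpg.SARS-CoV-2").write_bytes(b"\x00")
        (root / "notes.docx.SARS-CoV-2").write_bytes(b"\x00")
        (root / "untouched.txt").write_text("ok")
        (root / "RECOVER MY ENCRYPTED FILES.TXT").write_text("constructed note")
        (backup / "pics" / "crimson-brick.jpg").write_bytes(b"jpeg")
        enc, notes = inventory(root)
        have, missing = restore_plan(enc, root, backup)
        return len(enc), len(notes), [p.as_posix() for p in have], [p.as_posix() for p in missing]

if __name__ == "__main__":
    print(demo())
```

Files listed as missing from the backup are the ones worth copying aside in their encrypted form, as the paragraph above suggests.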

How Does SARS-CoV-2 Infect Computers?

Like many similar viruses, the SARS-CoV-2 ransomware is primarily distributed through spam emails. The emails have infected files attached to them that users are tricked into accessing. Here are the primary ways that this ransomware spreads across the internet to your computer:

Emails

Cybercriminals exploit their victims by sending out spam emails. The emails have false header information to trick users into believing they come from a shipping company. The email says that the company in question attempted to deliver a package to you but failed. The emails may also claim that a shipment you made couldn’t be completed for some reason.

Readers are tempted to access the attached file to find out what happened to their package. Once the user accesses the attached file or clicks on the link included with the email, their computer is infected.

Program Exploits

Security researchers have seen ransomware attack victims by exploiting potential vulnerabilities in software programs and computer operating systems. These exploits target the operating system, internet browsers, third-party installations, and Microsoft Office.

Protect Yourself and Your Computer

There are several steps you can take to protect yourself and your computer from SARS-CoV-2 and other ransomware. The most important thing to do is to avoid opening email attachments and links if you aren’t sure of the source. If in doubt, don’t do it. It’s also worth keeping a robust back-up schedule where you regularly back up the data on your computer. The more copies you have of essential data, the better. That way, even if someone does infect your computer and lock your files away, you can just restore them and get on with your day.

Don’t forget to keep your applications, programs, and operating systems up to date. The constant updates can be overwhelming, but most updates are issued to patch exploits that viruses use to infect computers. Keep your computer up to date, and you’ll have a lot less to worry about in terms of viruses, malware, and ransomware.
