1 of 4
Danger level 7
Type: Trojans

Coverton Ransomware

Coverton Ransomware is a computer infection that might sneak onto the computer at any time. In most cases, it slithers onto those computers that do not contain a security tool and there are security loopholes on them. Coverton Ransomware does not try to hide itself, so you will immediately understand that this infection has entered your system if this really happens. The first symptom that Coverton Ransomware is installed is the inability to open files stored in the Documents/My documents directory. Unfortunately, documents and pictures in other directories might be touched too. It is known that Coverton Ransomware encrypts files because it simply seeks to extort money from innocent computer users. In our opinion, it is not the best idea to pay money for cyber criminals, which is why we suggest that you simply remove the ransomware infection from the system. We will tell you how you can restore your files without paying money in this article, so continue reading it.

Researchers at pcthreat.com have managed to find out that users usually download the Coverton Ransomware dropper to %TEMP% or %USEPROFILE%\downloads folders. Then, this dropper installs the executable of the ransomware infection to different places, e.g. %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup and %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup. We are sure that you will immediately notice that something is wrong if this ever happens. As we have already told you, your documents and pictures will be encrypted immediately after this ransomware infection sneaks onto the computer. It is not hard at all to recognize those encrypted files – there will be the .Coverton extension added to each of them. Unfortunately, all these files are encrypted using the AES-256 encryption algorithm, which means that it is very hard to decrypt those files.

Coverton Ransomware will create two files (e.g. !!!-WARNING-!!!.txt and !!!-WARNING-!!!.html ) and will put them together with those encrypted files in order to inform users. If a user opens any of them, he/she is immediately informed about the encryption:

All your files on hard drives, removable media and network files were encrypted by a cryptographically strong algorithm AES-256 with encryption key RSA-2048

In addition, users are informed that they need to download the TOR Browser and open the given link in order to get the full instructions. Have you already copied and pasted lnc57humvaxpqfv3.onion/?id=b0c0703268a84f4118fcac in the address bar? If so, there is no doubt that you have opened the web page and now see that you need to pay 3 BTC within the given time frame. Users who are planning on transferring money will find instructions on how to create the Bitcoin wallet and buy Bitcoins there too. In our opinion, you should not pay money for cyber criminals because nobody knows whether your files will really be unlocked. In addition, the ransomware infection will not disappear from your system even if you pay money, so there is a slight possibility that it will encrypt your new files once again. Users who are not going to pay money can restore their files too. They simply need to transfer files to their computers from backups, e.g. USB flash drive. Of course, it is not possible to do that if a user has never backed up files stored on the computer.

There are so many ransomware infections seeking to enter systems these days, so you have to be very careful all the time. Research carried out by our specialists has shown that ransomware infections usually sneak onto computers the moment users open the spam email attachment. Of course, this might happen if a user visits an untrustworthy web page or download a package of unreliable software too. Luckily, it is possible to prevent this from happening quite easily. All you need to do is to install a security tool on the system and keep it enabled 24/7.

It is not so easy to remove Coverton Ransomware manually because this infection installs executable files to different directories. In order to help you to get rid of this infection, specialists working at pcthreat.com have prepared the manual removal instructions for you – you will find them below this article. Of course, Coverton Ransomware will also disappear if you scan your system with a reputable antimalware scanner, e.g. SpyHunter. Unfortunately, this does not mean that your files will be decrypted.

Delete Coverton Ransomware

  1. Open the Windows Explorer.
  2. Find and delete suspicious files from %TEMP% and %USERPROFILE%\directories.
  3. Go to %WINDIR%\System32 and %WINDIR%\SysWOW64.
  4. Locate and remove crrss.exe.
  5. Check each of the following directories and delete files with random names from them:
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup

Do not forget to scan the system with an automatic scanner in order to take care of other existing infections too. You can find out whether they are really installed by scanning the system with the diagnostic SpyHunter scanner. It can be easily downloaded from our web page – click on the Download button.

Download Spyware Removal Tool to Remove* Coverton Ransomware
  • Quick & tested solution for Coverton Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.