Danger level 6
Type: Trojans

CovidWorldCry Ransomware

There are people who are willing to exploit a vulnerable situation to their own benefit. The creator of CovidWorldCry Ransomware is one of those people. While it does not look like the infection is targeted at anyone specifically, its name is clearly meant to ramp up the fear surrounding the worldwide COVID-19 pandemic. Without a doubt, if you are suffering health-related or economic effects of the pandemic, the last thing you need is to have all of your personal files encrypted. Unfortunately, this malware does not pick and choose who to attack. The only condition is that your operating system has to be vulnerable. If your system is not guarded by security software, if there are security updates missing, if your version of the OS is no longer supported (e.g., Windows 7 or Windows XP), and if you are not taking good care of the system yourself, malware can slither in without you knowing about it. Unfortunately, you cannot restore files by removing CovidWorldCry Ransomware, but of course, you must delete it ASAP.

According to our researchers, CovidWorldCry Ransomware is very similar to Zeronine Ransomware, Jope Ransomware, Jest Ransomware, and most other file-encrypting threats. They usually exploit RDP vulnerabilities, spam emails and bundled downloaders to expose careless Windows users to malicious .exe files. Of course, they are concealed. For example, if the launcher hides within a spam email, it could be introduced to you as a document attachment. If the launcher is carried using a malicious downloader, it could be introduced as an .exe file of a desirable, harmless application. Regardless of how this malware slithers in, if it succeeds, it immediately encrypts your personal files. Afterward, you should find the “.corona-lock” extension appended to all of their names. Due to this, some people might identify this threat as Corona Lock Ransomware, but do not mistake it for Coronavirus Ransomware or CovidLock Ransomware. The added extension can be removed, but that will not make your files readable again. If you want to read them, you have to decrypt them, and that is not something you can do yourself.

Once CovidWorldCry Ransomware encrypts your files, a file named “README_LOCK.TXT” is dropped onto the Desktop. This file belongs to malware, but it is a real text file, and so you can open it without causing more trouble. The file carries a message, according to which, ChaCha and AES encryption ciphers have been used to lock your files and make them unreadable. The message suggests that you cannot use other decryption tools or use the help of “data recovery companies.” While at the time of research we could not find a legitimate third-party decryptor that could help the victims of CovidWorldCry Ransomware, warnings against using such tools and services are there to intimidate you and make you more compliant. What the attackers want is that you contact them and then pay a ransom in return for the so-called “RSA private key.” Would the attackers give you a decryptor if you paid the ransom? You never know, but if we had to bet, we would put all of our money on you not getting a thing. Unfortunately, cybercriminals cannot be forced to keep their promises, and because they are likely to make you pay the ransom in an anonymous way, you are unlikely to be able to get it back as well.

Needless to say, CovidWorldCry Ransomware is one devious infection. Hopefully, not all is lost if your files were corrupted by this pest. If you have backup copies of all important files stored somewhere safe, you do not need to even think about complying with the attackers’ demands. What you need to do is delete CovidWorldCry Ransomware and then replace the corrupted files with those backup copies. Of course, copies must be stored outside the computer (on external or virtual drives) because if they are simply stored in a different folder, the infection can encrypt them too. Hopefully, you have a way out, and you do not even need to consider contacting cybercriminals and then paying the ransom. Note that even if the ransom is small, you are unlikely to get a decryptor in return for your money. When it comes to the removal of the infection, it looks like it removes itself. However, do not take our word for it. Use a trusted malware scanner to inspect your system or, better yet, install an anti-malware tool that will simultaneously scan the computer, remove threats, and most importantly, secure your operating system.

CovidWorldCry Ransomware Removal

  1. Go through recently downloaded files to check for malware. Delete malicious files if found.
  2. Delete the ransom note file named README_LOCK.TXT from the Desktop.
  3. Install a trusted malware scanner and perform a full scan. Note that even though the ransomware should remove itself after file encryption, no one can know when this malware might evolve or fail.
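
Before replacing anything from backup, it helps to know which encrypted files actually have a clean copy. The following read-only triage script is an added example, not part of the original guide; it uses the ".corona-lock" extension and README_LOCK.TXT note name from this page, while the function names and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

LOCK_EXT = ".corona-lock"      # extension the page says is appended to encrypted files
NOTE_NAME = "README_LOCK.TXT"  # ransom note name given on the page


def triage(scan_root, backup_root):
    """Read-only inventory: ransom notes, locked files with a backup, locked files without."""
    scan_root, backup_root = Path(scan_root).resolve(), Path(backup_root).resolve()
    # Backups kept inside the affected tree may be encrypted too, so refuse them.
    if scan_root in (backup_root, *backup_root.parents):
        raise ValueError("backup root must be outside the scanned tree")
    report = {"notes": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(scan_root)
            if name.upper() == NOTE_NAME:
                report["notes"].append(rel.as_posix())
            elif name.lower().endswith(LOCK_EXT) and len(name) > len(LOCK_EXT):
                # Strip the appended extension to recover the original file name.
                original = rel.with_name(name[: -len(LOCK_EXT)])
                if (backup_root / original).is_file():
                    report["restorable"].append(original.as_posix())
                else:
                    report["no_backup"].append(rel.as_posix())
    return {key: sorted(paths) for key, paths in report.items()}


def demo():
    """Run triage over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        user, backup = Path(tmp, "user"), Path(tmp, "backup")
        for d in (user / "Desktop", user / "Documents", backup / "Documents"):
            d.mkdir(parents=True)
        (user / "Desktop" / NOTE_NAME).write_text("constructed note")
        (user / "Documents" / "report.docx.corona-lock").write_bytes(b"\x00")
        (user / "Documents" / "photo.jpg.corona-lock").write_bytes(b"\x00")
        (backup / "Documents" / "report.docx").write_bytes(b"clean copy")
        return triage(user, backup)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(key, paths)
```

Files listed under "no_backup" include any whose backup copy was itself renamed with the extension, which is the case the guide warns about when backups sit on the same machine.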
