Covm Ransomware

Covm Ransomware is one of the threats that belong to the Stop Ransomware family. Like most of the malware from this family, the malicious application encrypts victims’ files and shows ransom notes. Such notes should urge users to contact the threat’s creators in 72 hours and get a 50 percent discount that would allow you to buy offered decryption tools cheaper. The problem is that there are no guarantees that such tools will be delivered. That is because hackers are not trustworthy people, and there is always a chance that they could be trying to scam their victims. Therefore, we advise not to rush and think carefully about what should be your next step after encountering this malicious application. If it is to erase Covm Ransomware, we can offer our removal instructions available below this article. As for learning more about the infection, we encourage you to read our full article.

Many users encounter threats like Covm Ransomware unknowingly. It usually happens while interacting with unreliable files, for example, email attachments from unknown senders or installers from file-sharing web pages. This is why our researcher advice never to interact with data if you are not one hundred percent sure that it is safe to do so. If you have any doubts, it is always safer not to interact with questionable files or scan them with a reliable antimalware tool first. Also, users who are trying to avoid such threats should know that some of them enter systems by exploiting vulnerabilities like unsecured RDP (Remote Desktop Protocol) connections, weak passwords, or outdated software. Thus, if you know that your system has such vulnerabilities, it would be a good idea to take care of them as fast as possible. Plus, we advise having a reputable antimalware tool that could protect your system against various threats.

What happens if Covm Ransomware gets in? Our researchers say that users might not realize what happened for quite some time. Apparently, such threats try to avoid detection until they finish encrypting all targeted files. The malware should be after personal data, in other words, it should leave program data alone and encrypt pictures, various documents, videos, and files alike. After being encrypted, the targeted files should be marked with a second extension called .covm, for example, birds.jpg.covm. It is vital to mention that files that get encrypted are not damaged as they can be restored, but it is only possible if a user has special decryption tools. Unfortunately, the malware’s creators could be the only ones who could have the needed decryption tools. To make matters worse, their ransom note, which Covm Ransomware should drop shortly after encrypting all targeted data, should say that users have to pay for decryption tools. The sum is not enormous, but it is not small either.

To be more precise, Covm Ransomware’s creators could ask you to pay 980 US dollars. As mentioned, earlier they may offer you a 50 percent discount if you contact them in 772 hours. Thus, you might be asked to pay 490 US dollars instead. Still, the price might be significant, considering that you would be asked to pay it for tools that you might never get. As said earlier, hackers cannot be trusted, and there is always a chance that they could scam victims. For instance, they could ask for more money or never send the promised decryption tools. This is why, we advise thinking carefully before you decide what to do. Know that if you have a backup, you could replace encrypted files with copies from it, in which case, you might not need the decryption tools.

No matter what you choose to do about the hackers' offer, we advise deleting Covm Ransomware because it could be dangerous to leave it on your system. Our researchers say that the malware might be able to restart with the operating system, which means it is possible that it could start the encryption process once again too. If you want to try to remove it manually, you could use the instructions available below. However, the task could be challenging, and if it seems too difficult, it might be easier to install a reliable antimalware tool, perform a full system scan, and erase Covm Ransomware by pressing the displayed removal button.

Restart the computer in Safe Mode

Windows 8/Windows 10

1. Press Win+I for Windows 8 or open Start menu for Windows 10.
2. Click the Power button.
3. Tap and hold Shift, then click Restart.
4. Pick Troubleshoot and choose Advanced Options.
5. Go to Startup Settings and click Restart.
6. Click F5 and restart the PC.

Windows XP/Windows Vista/Windows 7

1. Go to Start, select Shutdown options, and pick Restart.
2. Click and hold F8 when the PC starts restarting.
3. Select Safe Mode with Networking.
4. Press Enter and log on.

Remove Covm Ransomware

1. Press Win+E.
2. Check these locations:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
3. Look for the threat’s installer, e.g., updatewin.exe; then right-click it and press Delete.
4. Then locate these paths:
   %USERPROFILE%\Local Settings\Application Data
   %LOCALAPPDATA%
5. Find the threat’s created directories with random names that should contain copies of the malware’s launcher (e.g., 2a9ea166-82c4-499d-9f16-9e28ac1b8ef4), right-click them, and press Delete.
6. Find this path: %WINDIR%\System32\Tasks
7. Look for a file called Time Trigger Task or similarly, right-click it and choose Delete.
8. Exit File Explorer.
9. Press Win+R.
10. Type Regedit and press Enter.
11. Go to this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
12. Find a value name called SysHelper, right-click it, and press Delete.
13. Exit Registry Editor.
14. Empty Recycle bin.
15. Restart the system.