CoV Ransomware Belongs to the Xorist Family of Clones

CoV is a ransomware variant associated with the Xorist family. Upon infecting a computer, CoV encrypts files and adds the ".CoV" extension to their filenames. Additionally, it alters the desktop wallpaper, displays an error message, and generates a ransom note titled "HOW TO DECRYPT FILES.txt."

CoV renames each encrypted file by appending its extension: "1.jpg" becomes "1.jpg.CoV," "2.png" becomes "2.png.CoV," and so forth. The ransom note informs the victim that their important files have been encrypted and provides instructions for decryption. It demands a ransom of 0.03 Bitcoin and gives a Bitcoin address (wallet) for the transaction.

After paying, the victim is directed to contact the attacker at one of two email addresses, covina@tuta.io or covina1@skiff.com, using a designated subject line. The note promises that, once the payment is confirmed, the victim will receive server keys and a tool that decrypts the files automatically.

The note emphasizes a three-day payment window, after which the keys will be deleted, rendering file recovery impossible without the original keys.
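The indicators described above (the appended ".CoV" extension and the "HOW TO DECRYPT FILES.txt" note) can be used to scope the damage on a host or an evidence copy. The following is an added example, not part of the original article; the function names `triage` and `scan_tree`, the `strong_hits` field and the sample paths are constructed for illustration.

```python
import os
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Indicators as described in the article, compared case-insensitively
# because Windows treats file names case-insensitively by default.
ENC_SUFFIX = ".cov"
NOTE_NAME = "how to decrypt files.txt"

def triage(paths):
    """Summarise CoV indicators found in an iterable of file paths."""
    dirs = defaultdict(lambda: {"encrypted": 0, "ambiguous": 0, "note": False})
    original_types = Counter()
    for raw in paths:
        p = PureWindowsPath(raw)              # accepts both \ and / separators
        folder = str(p.parent)
        suffixes = [s.lower() for s in p.suffixes]
        if p.name.lower() == NOTE_NAME:
            dirs[folder]["note"] = True
        elif suffixes and suffixes[-1] == ENC_SUFFIX:
            if len(suffixes) >= 2:            # "1.jpg.CoV": original type is kept
                dirs[folder]["encrypted"] += 1
                original_types[suffixes[-2]] += 1
            else:                             # "cover.cov": may be a legitimate file
                dirs[folder]["ambiguous"] += 1
    # A folder holding both the note and renamed files is the strongest signal.
    strong = sorted(d for d, v in dirs.items() if v["note"] and v["encrypted"])
    return {"dirs": dict(dirs), "original_types": original_types, "strong_hits": strong}

def scan_tree(root):
    """Triage every file under a mounted volume or evidence copy."""
    return triage(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg.CoV",
    r"C:\Users\alice\Pictures\2.png.CoV",
    r"C:\Users\alice\Pictures\HOW TO DECRYPT FILES.txt",
    r"C:\Users\alice\Documents\budget.xlsx.cov",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Tools\fax\cover.cov",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for folder, info in sorted(report["dirs"].items()):
        print(folder, info)
    print("strong hits:", report["strong_hits"])
    print("original types:", dict(report["original_types"]))
```

The per-type tally helps decide which backups to restore first, and the "ambiguous" count keeps single-extension ".cov" files out of the damage estimate until someone has looked at them.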

CoV Ransom Note Demands 0.03 BTC as Payment

The complete text of the ransom note generated by the CoV ransomware reads as follows:

Hello,

All your important files are encrypted
if you want to decrypt them you have to pay me 0.03 bitcoin

Make sure you send 0.03 bitcoin to this address:
(alphanumeric string)

If you do not own bitcoins, buy from here:
www.paxful.com
You can find a larger list here:
hxxps://bitcoin.org/en/exchanges

After sending the bitcoin, contact me at this email addresses:
covina@tuta.io or covina1@skiff.com
with this subject: -

After payment confirmation, I will send you your server keys and decryptor to decrypt your files automatically.

You will also receive information on how to resolve your security issue to avoid becoming a victim of ransomware again.

From this moment you have 3 days to contact me to make the payment, otherwise I will delete the keys, and be sure that no one will be able to decrypt your files without the original keys, you can try but you will lose your time and your files.

How Can You Protect Your Data Against Ransomware Attacks?

Protecting your data against ransomware attacks is crucial for maintaining the security and integrity of your information. Here are several measures you can take to enhance your defense against ransomware:

Regular Backups:
Regularly back up your important data and ensure backups are stored offline or in a separate, secure environment. This allows you to restore your files without relying on paying a ransom.

Update Software:
Keep your operating system, antivirus software, and all applications up-to-date. Regular updates often include security patches that address vulnerabilities exploited by ransomware.

Email Safety:
Be cautious with email attachments and links, especially from unknown or suspicious sources. Avoid opening attachments or clicking on links in emails that seem unexpected or are from unfamiliar senders.

Firewall:
Enable a firewall on your network and individual devices. Firewalls act as a barrier between your computer and potential threats, blocking unauthorized access.

Access Control:
Implement the principle of least privilege (PoLP) to restrict user access to the minimum necessary for their roles. This helps limit the impact of a ransomware infection.

January 15, 2024