Coverton Ransomware Removal Guide

Do you know what Coverton Ransomware is?

Coverton Ransomware could mean a catastrophic blow to your computer and your files if this Trojan infection finds a way to infiltrate your operating system. As its name suggests, this malware can covertly appear on your computer, and by the time you realize its presence, it is already too late: all your documents and picture files have been encrypted. Unfortunately, you cannot access your files without the private key that is generated during encryption and most probably kept on a secret server. A warning message informs you of the attack and tells you what you are supposed to do to decrypt your files. These criminals demand a rather steep price for private computer users, and nobody can guarantee that you will really get the promised decryptor after transferring the ransom fee. If you have no copies of your files saved on external drives or in online cloud storage, it is possible that you will never be able to use them again. But even in this nightmarish situation you need to think straight and do what is best for your computer. According to our researchers, you must remove Coverton Ransomware immediately if you do not want to give in to cyber criminals and you want to be able to use your computer.

There are two main channels through which this dangerous Trojan ransomware can sneak onto your PC. Understanding these may help you prevent future attacks. Our researchers say that current trends show that criminals tend to exploit browser vulnerabilities, i.e., Java and Flash driver bugs. They can set up malicious websites that you only need to load into your browser for malicious code to reach your computer through these security holes and drop this Trojan on board. In order to avoid this kind of attack, you should regularly update your browsers as well as your Java and Flash drivers. However, be very careful to always do it through their official sources because malicious websites and unreliable third-party ads can also pose as software or driver updaters.

Another way for this Trojan to appear on your computer is through the good old spam e-mail trick. Crooks can target you with a spam e-mail that may contain a corrupt link in the body or infected file attachments, such as image or video files. One single click on such content can also drop this malware onto your machine. Therefore, we suggest that you be extra careful every time you skim through your e-mail. A spam e-mail may trick you into clicking on its content, and you may not even realize what is happening in the background until it is too late. Try to make sure that the e-mail you open and the attachments you download are actually intended for you personally. If this Trojan shows up on your computer, you will have no time to stop it. Your only solution is to delete Coverton Ransomware if you do not want your new files to fall prey to this beast.

According to our researchers, this ransomware uses the AES-256 encryption algorithm, which is a built-in Windows algorithm. This means that most probably the whole encryption process will not take more than a minute. This infection changes all the encrypted file names to have a “.Coverton” extension. Your infected files will therefore look something like: “photo.jpg.Coverton.” Once the damage is done, this Trojan displays a warning message that tells you what has happened to your files and what you have to do to recover them. You are given a website to access through the Tor browser, where you will find more details about the payment.

The criminals who are responsible for this dangerous threat demand 3 BTC (Bitcoins), which is around 1240 USD based on the current rate. You have approximately 4 days to pay this amount if you ever want to see your files again. It is obviously your choice what you decide, but we still need to remind you that paying these criminals may not give your files back. What if you pay and do not get the decryptor? Please also consider whether your files are worth this much at all. For a bunch of old Word documents and photos it may be a rather steep price to pay. This Trojan does have a strong message, though: You must start making regular backup copies of your personal files onto an external hard disk. You may think that cloud storage is also a good idea, but let us tell you that certain Trojan ransomware programs can actually access that storage through your PC and infect all target file extensions.

No matter how you decide, there is one thing that you must do to avoid any further complications: You must remove Coverton Ransomware ASAP. Even if you end up paying the ransom fee, you cannot leave this threat active on your system. Fortunately, this ransomware does not block any programs from running; therefore, you do not need to restart your PC in Safe Mode. After deleting all the mess this infection has created, you should be free of this threat. Please follow our manual instructions carefully to eliminate this serious malware infection. If you want to protect your machine from future attacks, we recommend that you use a professional anti-malware program. If you need assistance to delete Coverton Ransomware, please leave us a comment below.

Coverton Ransomware Removal from Windows

  1. Press Win+E to open File Explorer.
  2. Locate and delete the dropper in %TEMP%, %USERPROFILE%\downloads folders, or where you may have downloaded the malicious file. This file name might be random, so check all suspicious files you have downloaded lately.
  3. Locate the random-name executable file and remove all occurrences:
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup (Windows XP)
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup (Windows XP)
  4. Locate and remove "crrss.exe" in these directories:
    %WINDIR%\SysWOW64 (64-bit only!)
  5. Empty your Recycle Bin.
  6. Restart your PC.
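
The script below is an added example, not part of the original guide: a read-only PowerShell audit of the locations named in steps 2 to 4, listing candidate files for manual review without deleting anything. The 14-day window and the signature and hash columns are assumptions made for this example.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# Lists candidates for review, deletes nothing. Needs PowerShell 4.0+ (Get-FileHash).
$ErrorActionPreference = 'SilentlyContinue'

function Expand-EnvPath([string]$Path) { [Environment]::ExpandEnvironmentVariables($Path) }

# Startup folders from step 3 (the last two exist only on Windows XP).
$startupDirs = @(
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup'
) | ForEach-Object { Expand-EnvPath $_ } | Where-Object { Test-Path -LiteralPath $_ }

# Download locations from step 2.
$dropDirs = @('%TEMP%', '%USERPROFILE%\Downloads') |
    ForEach-Object { Expand-EnvPath $_ } | Where-Object { Test-Path -LiteralPath $_ }

# Report every .exe in the given folders written on or after $Since.
function Get-Candidate($Dirs, [datetime]$Since) {
    foreach ($dir in $Dirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force |
            Where-Object { $_.LastWriteTime -ge $Since } |
            ForEach-Object {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Modified  = $_.LastWriteTime
                    Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

"Executables in Startup folders (any age):"
Get-Candidate $startupDirs ([datetime]::MinValue) | Format-List

"Executables in %TEMP% and Downloads modified in the last 14 days (assumed window):"
Get-Candidate $dropDirs ((Get-Date).AddDays(-14)) | Format-List

# Step 4: the file name the guide gives for the SysWOW64 copy.
$crrss = Expand-EnvPath '%WINDIR%\SysWOW64\crrss.exe'
"crrss.exe present in SysWOW64: $(Test-Path -LiteralPath $crrss)"

# Count of files carrying the ".Coverton" extension under the user profile.
$encrypted = Get-ChildItem -LiteralPath $env:USERPROFILE -Filter *.Coverton -File -Recurse -Force
"Files with .Coverton extension: $(@($encrypted).Count)"
```

An unsigned executable with a random-looking name in a Startup folder is the item to compare against step 3 before deleting it by hand.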

In non-techie terms:

Coverton Ransomware is a severe Trojan ransomware attack against your computer that specifically affects your documents and image files. If this infection slithers onto your system, it encrypts the targeted extensions in no time. You will only be able to decipher your files if you get hold of the private key. This key is only available through the criminals who attacked you with this infection. You are supposed to pay around $1240 to purchase the decryptor. This malware is a major blow to your computer, and it is possible that despite your payment you will not be able to access your files again. Therefore, we advise you to delete Coverton Ransomware right away. If you do not want to use the manual method, we suggest that you go for an automated malware removal tool.