Coverton

NJCCIC Threat Profile

Original Release Date: 2016-07-06

[Image: one example of the Coverton variant. Image source: Bleeping Computer]

Coverton targets the Windows OS; its method of distribution is currently unknown. Once installed, it copies itself to %UserProfile%\userlog.exe and configures itself to run automatically when Windows starts. It then encrypts targeted files with AES-256 and creates a ransom note named “!!!-WARNING-!!!” in both .html and .txt formats. Encrypted files carry the .coverton, .enigma, or .czvxce extension. Coverton deletes Shadow Volume Copies to prevent file restoration. Some reports state that it leaves victims with corrupted files even if the ransom is paid and the decryption process has been run. Coverton demands a ransom payment of 1 Bitcoin.

  • Bleeping Computer provides more information about Coverton here.
  • The NJCCIC is not aware of any decryption tools available for Coverton.
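The file-system indicators in the profile above can be checked against a file listing collected from a host. This is an added example, not NJCCIC or Bleeping Computer code; the function names, the sample listing, the exact note file names (name plus extension) and the assumption that %UserProfile% is `<drive>:\Users\<name>` are illustrative.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the profile text above.
ENCRYPTED_EXTS = {".coverton", ".enigma", ".czvxce"}
# Assumption: the note is written as "!!!-WARNING-!!!" plus .html / .txt.
NOTE_NAMES = {"!!!-warning-!!!.html", "!!!-warning-!!!.txt"}
DROPPED_NAME = "userlog.exe"
# Assumption: %UserProfile% resolves to <drive>:\Users\<name>.
PROFILE_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+$", re.IGNORECASE)

def classify(path_str):
    """Return the indicator type for one Windows path, or None."""
    p = PureWindowsPath(path_str)
    name = p.name.lower()
    if name in NOTE_NAMES:
        return "ransom_note"
    # The dropped copy only counts when it sits directly in a profile root.
    if name == DROPPED_NAME and PROFILE_ROOT.match(str(p.parent)):
        return "dropped_copy"
    if p.suffix.lower() in ENCRYPTED_EXTS:
        return "encrypted_file"
    return None

def triage(paths):
    """Group matching paths by indicator type."""
    hits = defaultdict(list)
    for path_str in paths:
        kind = classify(path_str)
        if kind:
            hits[kind].append(path_str)
    return dict(hits)

# Constructed sample listing (not from a real host).
SAMPLE = [
    r"C:\Users\alice\userlog.exe",
    r"C:\Users\alice\Documents\budget.xlsx.coverton",
    r"C:\Users\alice\Documents\!!!-WARNING-!!!.txt",
    r"C:\Users\alice\Desktop\!!!-WARNING-!!!.html",
    r"C:\Users\bob\Pictures\trip.jpg.enigma",
    r"C:\Program Files\App\userlog.exe",  # same name, not in a profile root
    r"C:\Users\bob\notes.txt",
]

if __name__ == "__main__":
    for kind, found in triage(SAMPLE).items():
        print(kind, len(found))
```

A single extension match is weak evidence on its own; the ransom note or the dropped copy alongside it makes the finding much stronger.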
