Let’s Discuss and Analyze the COVID-19 Ransomware, then REMOVE IT!
The COVID-19 pandemic has been spreading across the whole world for over three months since February 2020, and more than 5,106,686 cases have been confirmed so far (May 22 at 3:55 PM). “In excess of 333,001 people have died in this pandemic and the number of deaths will keep increasing,” reported the World Health Organization. The outbreak of the coronavirus strain has undoubtedly had an enormous influence on every aspect of people’s lives, both offline and online.
No, I’m not trying to scare you into thinking that online activities such as working remotely, shopping online, or reading emails from customers and colleagues are risky because of the COVID-19 pandemic. The coronavirus itself cannot attack or threaten what you do online. However, according to reports from security researchers at McAfee, Trend Micro, and Symantec, cyber actors are exploiting the COVID-19 pandemic in a variety of malicious campaigns, including email spam (Remove COVID-19 Phishing Email Virus), BEC, malware, ransomware, and malicious domains. MacUtility.com will keep publishing a series of articles discussing all types of COVID-19 pandemic malware and sharing the most effective virus removal guides. Today we are going to talk about the COVID-19 ransomware.
What Is the COVID-19 Ransomware?
COVID-19 ransomware is a new member of the ransomware family, designed by hackers to block users’ computers and encrypt all files on the infected machine in order to extort money from unsuspecting victims. It arrives on a target machine looking like a program installer: it uses the executable file COVID-19.exe or WSGSetup.exe (victims unknowingly download WSGSetup.exe from the fake site) to start the blocking and encrypting process. Some types of COVID-19 malware are released to steal usernames, passwords, and credit card numbers stored in a user’s browser; the COVID-19 ransomware, however, uses a simpler and cruder method, extorting money from victims by encrypting their files. Meanwhile, the virus also blocks the computer screen and rewrites all files stored on the local disks. The pop-up message may inform victims that their files are now encrypted and that they have to pay to get them decrypted. The threat authors pressure victims to complete the payment within a very short time, otherwise the malware publishers demand an additional fee. Victims receive a warning message like the following when the COVID-19 ransomware gets onto their computers.
“!!!CORONAVIRUS is there!!!
All your files are crypted.
Your computer is temporarily blocked on several levels. Applying strong military secret encryption algorithm.
To assist in decrypting your files, you must do the following:
1. Pay 0.008 btc to Bitcoin wallet bc1qjl0ufmwct84ww69zwyxe99gext7za6qkyhx200 or purchase the receipt Bitcoin;
2. Contact us by e-mail: and tell us this your unique ID: 7EA61278DFBAD65AE31E707FFE019711 and send the link to Bitcoin transaction generated or Bitcoin check number.
After all this, you get in your email the following:
1. Instructions and software to unlock your computer
2. Program – decryptor of your files.
Donations to the US presidential elections are accepted around the clock.
Desine sperare qui hic intras! [Wait to payment timeout 25 – 40 min]”
Another sample of the message shown when victims restart their infected computer:
Moreover, in some cases the virus locks the computer screen, and users keep receiving a warning message like this:
See? The “Remove virus” button on the bottom right is fake and cannot be clicked. The only clickable button is “HELP”, but if you click it you will just get another message telling you that you don’t have the authority to launch the Task Manager. You can imagine how hopeless it is!
Will the Security Problem be Resolved After I Pay Them the Money?
Unfortunately, the virus publisher won’t recover all the encrypted files even if the payment is sent in time. If victims pay the hackers the fee, nothing happens; they just lose their money forever. There is no way to get the money back, even by asking the police for help, because nobody can track down the final recipient of a bitcoin payment. The encrypted files still cannot be opened because the COVID-19 encrypting virus still exists on the computer. Instead, the COVID-19 ransomware never stops its attempts to extort more money by performing other tricks. The important point for victimized users to recognize is that the best course is to remove this notorious encrypting virus and reduce the damage to their files to the minimum. What victimized users have to do is identify the COVID-19 ransomware and remove it completely.
Removing the COVID-19 ransomware and recovering all your files requires a certain level of computer skill. Therefore, you should follow the instructions step by step and delete the malicious files very carefully, as described in the guides.
How to Avoid COVID-19 Ransomware Attacks?
- Never open a suspicious email from strange people. Don’t be curious.
- Never supply any personal or financial information and passwords to anyone via email.
- Reject any “call to action” from a suspicious email or unreliable website.
- Double-check before downloading software from unfamiliar websites. It is better to download from the official website.
- Keep your computer clean. Use an updated anti-virus. Keep all software on internet-connected devices – including PCs, smartphones, and tablets – up to date to reduce the risk of infection from malware.
- Scan executable files with a security program before you run them.
- Never visit gambling or porn websites.
- Reject any request for remote control of your computer unless it comes from an authoritative organization.
- Turn off Bluetooth if it is not required for mobile service. Do not accept applications that are unsigned or sent from unknown sources.
- Block unnecessary incoming connections with a firewall. This may help you avoid attacks over risky connections from the outside world.
- Use complicated passwords for your important accounts, especially financial accounts and confidential files. This can help you minimize the losses if your computer gets infected.
How to Remove COVID-19 Ransomware from Mac and Windows PC?
Tutorials for You to Remove COVID-19 Ransomware from Mac OS X Manually
Note: It is highly recommended you back up the important files on the computer before you follow the instructions in order to avoid any unexpected problems.
The traditional removal method will not completely uninstall it from your Mac. Please follow the detailed instructions to remove COVID-19 Ransomware step by step. We will show you how to clean up the junk files and leftovers of this program.
Step 1. Terminate the process of the malware via Mac Activity Monitor.
* Click on Go in the taskbar and then select “Utilities”.
* Launch Activity Monitor by double-clicking it, change the filter to “All Processes”, click on the COVID-19 related App, and then click “Quit Process”.
You can also force quit the application by pressing the Command + Option + Esc keys after you launch the Mac Activity Monitor. Choose “COVID-19 related App” when you see this screen and click “Force Quit” to close down the process immediately.
Step 2. Please drag the icon of “COVID-19 related App” to the Trash.
Step 3. It is a very important step for you to remove the program entirely. You need to clean up the preference files, support files, caches, and all the useless files which are related to the malicious software.
1) Remove preferences files of “COVID-19 Ransomware”.
* Click on the “Go” menu of the taskbar and then select “Go to Folder”.
* Enter “~/Library” in the blank box and then click on the “Go” button.
* Here you will see the Preferences folder in Library. Open the folder and then delete all the files associated with “COVID-19 Ransomware”.
2) Clean up Caches of “COVID-19 Ransomware”.
From the Library folder, find the Caches folder, locate the files related to this application, and then trash all of them.
3) Remove support files of “COVID-19 Ransomware”.
Open the “Application Support” folder under “Library”, search for its support files, and then move them to the Trash.
Step 4. Secure Empty Trash to completely delete all of the files about “COVID-19 Ransomware”.
Now the main executable file and the junk files generated by “COVID-19 Ransomware” have been moved to the Trash. The final step is to empty the Trash so that this program is thoroughly uninstalled from the Mac.
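Step 3's search through the Preferences, Caches, and Application Support folders can also be done from Terminal. The script below is an added example, not part of the original guide: it only lists matching files and folders so you can review them before moving anything to the Trash. The function name `list_leftovers` and the keyword you pass in are assumptions, as is the idea that leftovers carry the app's name in their file names.

```shell
#!/bin/sh
# Added example: list (never delete) leftover candidates in the three
# per-user Library folders named in Step 3.
#
# list_leftovers KEYWORD [LIBRARY_ROOT]
#   KEYWORD       case-insensitive part of the app's name. Assumption: the
#                 leftovers contain that name. Glob characters (* ? [) in
#                 KEYWORD are treated as wildcards by find.
#   LIBRARY_ROOT  defaults to ~/Library; pass another path to try the
#                 function on a copy or a test directory.
list_leftovers() {
    keyword=$1
    lib=${2:-"$HOME/Library"}
    if [ -z "$keyword" ]; then
        echo "usage: list_leftovers KEYWORD [LIBRARY_ROOT]" >&2
        return 2
    fi
    for sub in "Preferences" "Caches" "Application Support"; do
        dir="$lib/$sub"
        # A folder that does not exist is skipped, not treated as an error.
        [ -d "$dir" ] || continue
        # Depth 2 covers entries directly in the folder and one level below,
        # e.g. Caches/<bundle id>/<file>. Unreadable entries are ignored.
        find "$dir" -maxdepth 2 -iname "*${keyword}*" -print 2>/dev/null || true
    done | sort
}

# When the script is run with arguments, pass them straight through.
if [ $# -gt 0 ]; then
    list_leftovers "$@"
fi
```

Run it as `sh list_leftovers.sh "COVID-19"` and compare every listed path with what you expect before deleting it; a name match alone does not prove a file is malicious.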
Remove “COVID-19 Ransomware” and Other PUPs Automatically for Mac. ( Recommended )
If you don’t have any security software running on your Mac, you’d better download and install one of the best anti-virus applications for Mac from the Internet market. This will absolutely keep your Mac far away from the Internet threats and meanwhile, all of your personal information would be protected when you are online or offline.
MacKeeper is a great and powerful utility designed specially for Mac which contains amazing functions to remove viruses including adware, spyware, Trojan, and malware from Mac OS X. Furthermore, this kind of software also helps users optimize the whole performance of Mac and recover their lost data. With this all-in-one Mac utility, you can remove the malware completely just in a few minutes. Moreover, MacKeeper provides users with live chat support services in order to help them resolve any Mac problems effectively.
How to use MacKeeper to remove COVID-19 Ransomware from Mac OS X
The “Internet Security” function of MacKeeper helps you remove COVID-19 Ransomware and other malware threats from your Mac. Just follow the steps below to resolve Mac security problems and protect the whole Apple Mac OS X system.
1. Download MacKeeper from this link: MacKeeper Download Link (it is safe and free to download).
2. Please install MacKeeper on the Mac and launch it.
3. You will see “Internet Security” on the menu. Select “Antivirus” and click Start Scan to check the entire Mac for viruses; alternatively, click Custom Scan to check a specific folder or USB drive.
4. MacKeeper will scan for viruses, malware, Trojans, spyware, and other major threats.
5. If MacKeeper detects anything malicious, you can click Delete to remove this file or Quarantine to isolate it from infecting your Mac.
6. Next, select Adware Cleaner under Antivirus, and click Start Scan to check your Mac for adware infections.
7. If MacKeeper finds any adware, click Delete in the bottom-right corner of the window to remove it from your Mac.
8. Please restart your Mac to let changes take effect.
Tips to Remove COVID-19 Ransomware from Windows PC
Once the adware has installed itself and hidden in your Windows computer, you need to remove it first.
Step 1: Uninstall Adware Program from Windows PC Manually
Remove COVID-19 Ransomware from Windows 10 / Windows 8 manually
1. Open Task Manager by right-clicking the taskbar and then clicking Start Task Manager.
2. Terminate the process that takes up too much CPU and too many system resources.
3. Click “Start” > “Settings” > “Control Panel”.
4. Click on the “Uninstall a program” option under the “Programs” category.
5. You will see the currently installed programs listed in the “Programs and Features” screen. Find the malicious program with a name similar to COVID-19 and remove it. You should also uninstall any suspicious and unknown programs.
6. Open the “Registry Editor”. You still need to clean up the fake registry entries to remove the adware completely.
7. Search malicious files and registry entries related to COVID-19 Ransomware and then remove all of them:
Remove COVID-19 Ransomware from Windows 7 / Windows Vista / Windows XP manually
1. If your computer operating system is Windows 7, Windows Vista or Windows XP, please click the “Start” button, then click on the “Control Panel” menu option.
2. Click on the “Uninstall a program” option under the “Programs” category.
3. You will see the currently installed programs listed in the “Programs and Features” screen. Find the malicious program with a name similar to COVID-19 and remove it. You should also uninstall any suspicious and unknown programs.
4. Press Windows + R keys together, input regedit into the Run box and click on OK to open Registry Editor.
5. Search malicious files and registry entries related to COVID-19 Ransomware and then remove all of them.
Step 2: Remove Adware and Other Viruses from Windows PC Automatically (Recommended)
SpyHunter is a powerful anti-malware program designed for Windows systems. With SpyHunter, you can easily remove COVID-19 Ransomware from your computer. Moreover, this security software will also help you clean up any other type of Internet threat, even the latest malware spreading all over the world. Please follow the tips below to remove the infected files on your computer.
1. Download SpyHunter and install it on your computer. SpyHunter Download Link (it is safe and free to download). Please close any open documents and running programs before you install it. Otherwise, it will forcibly terminate those programs.
2. Launch it directly and click the “Scan Computer Now” button to have a full scan for your computer.
3. Please click the “Next” button after the scan of your computer has finished.
4. Please click the “Delete” button to remove the threats found on your computer.
5. “PUPs” displays potentially unwanted programs (PUPs) that were blocked and/or removed by SpyHunter 5’s System Guard. You also can select this option to clean up the potentially risky software on your computer.
6. Please restart your computer and let the changes take effect after you remove the malware with the program.
Now the COVID-19 Ransomware should be removed completely and successfully from your computer. We highly suggest you keep SpyHunter running in the background to protect your computer from any potential malware threats.