- Home
- Detectable Ransomware
- DEcovid19
Ransomware Research
DEcovid19 Ransomware
DEcovid19 is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on January 1, 2021, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Covid19, BitchLock, Noputana, RapidRunDll.
Quick Facts
- Ransomware Family
- DEcovid19
- First Seen
- January 1, 2021
- Known Aliases
- Covid19BitchLockNoputanaRapidRunDll
How DEcovid19 Ransomware Works
Targeted Files
encrypted filenames -> A6GRWBHMYJ.covid19; HAPM8W6RBA.lock
File Encryption Patterns
DEcovid19 modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..covid19
..bitchlock
..lock
..bumcoder
..snoopdog
..locked
Ransom Note and Payment Demands
After encrypting files, DEcovid19 displays ransom notes demanding payment for file recovery:
!DECRYPT_FILES.txt
Ransom message:
notes/!DECRYPT_FILES.txt
Note locations:
EveryFolder
!!!_FILES_RECOVERY.txt
Ransom message:
notes/!!!_FILES_RECOVERY.txt
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with DEcovid19 ransomware:
svchost.com
svchost1.com
MSOHTMED.EXE
neshta.bin
wininst-9.0.exe
LogTransport2.exe
Au3Check.exe
wow_helper.exe
pingsender.exe
AcroTextExtractor.exe
kEpEnQq
upx.exe
maintenanceservice.exe
svchost
SVCHOST.COM
980bac6c9afe8efc_svchost.com
svchost.com.2992.dr
Neshta (2)
neshta_pure
avz00001.dta
svchost002.exe
d5c7b2e1fee30939f6de4ad22f6fcc3d_svchost.com.safe
ooo.com
file-4065521_dta
нешта.dta
WzHHHWUW.exe
FTS.bin
noputana.exe
FTS.bin.exe
RunAsDll.exe
FileLocker.bin
Elastio Can Help You
Don't let DEcovid19 ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This DEcovid19 ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like DEcovid19.
Last updated: July 30, 2025