Coronavirus Ransomware
News | 03/16/2020

Threat Actors execute Coronavirus Ransomware, leverage global epidemic

About: The devious new Coronavirus Ransomware attack encrypts files & demands hefty ransom in Bitcoins. It is delivered on the systems followed by a phishing attack. Read on to know how to prevent its attack amidst the global Coronavirus pandemic.

| News | Threat Actors execute Coronavirus Ransomware, leverage global epidemic

While the fatal Coronavirus Pandemic has swept across the globe, cybercriminals seem to be leveraging this global concern to the utmost. Yes, a new strain of the File-Encrypting Virus, Coronavirus Ransomware is currently posing a great threat to the computer users around the world.

According to a recent tech report by the RiskIQ, large businesses & corporations are the main targets of the new Coronavirus Ransomware.

Coronavirus Prime Targets

An extensive analysis reveals that the threat actors, at first, infect the systems with malware such as Emotet & AZORult & then carry out the new Ransomware Attack against the victims. Once the files are encrypted, it demands ransom to be paid in Bitcoins to retrieve the encrypted data.

One of the cyber-security companies reported that the main objective of Coronavirus Ransomware developers is to deliver & install a nasty data-gathering Trojan named Kpot Infostealer.

This devious Trojan is prevalent in the cyber-world since past many years & suspected to have received numerous changes. It is known for stealing sensitive information of the users such as passwords, login credentials from banking websites, gaming apps, web-browsers & crypto currency wallets.

Who are primarily at risk from the new Coronavirus ransomware?

According to the sources, Coronavirus Ransomware Attacks will primarily target large corporations & businesses that depend on markets & supply chains in China & several Coronavirus-infected countries.

The reason – Employees at the organizations have heightened their interest in the latest news, updates & developments related to this wide-spread fatal COVID-19. This has made them potentially more susceptible to social engineering – which can trick them to click on malware-laden links & ultimately install Ransomware on their systems.

One of the strains of Coronavirus Ransomware Phishing E-mails reads as follows:

Text of Corona Phishing E-mail

After the installation, the ransomware takes over the system, encrypts the targeted file extensions and thus restricts the users from accessing the files. It then demands hefty ransom amount in Bitcoins in exchange of the decryption tool & unique private key.

The analysis reveals that threat actors execute attack campaigns in layers. The system is first infected with phishing & other social engineering techniques. Once infected, the system is then completely taken over by delivering ransomware & other malware.

Spread Techniques of Coronavirus Ransomware

The researchers claim Coronavirus Ransomware is possibly using two techniques to spread the infection. Both techniques are said to be the result of the phishing campaigns.

The first spread technique involves the usage of AZORult Malware. It is said to be the source of the phishing campaign that was being used to target the shipping industry earlier this year.

Since 2018, the researchers have witnessed the usage of AZORult on at least 3 different occasions to install Ransomware.

Spread Techniques - Coronavirus

The second phishing campaign that delivers Coronavirus Ransomware uses the nasty Emotet Trojan. Most of the confirmed cases have been reported from Japan. The victims received devious e-mails that claimed to contain vital information about Coronavirus Epidemic. However, a mere click on the given link would install & activate Emotet on the user’s system.

The reports state that in September 2019, Emotet developers partnered with Trikbot & Ryuk Ransomware. The alliance was done to over an organization’s network completely.

Secondary Targets of the Novel Coronavirus Ransomware could include health organizations & public health departments that are continuously involved in tracking the spread of the virus, providing medical assistance & finding the cure. It could possibly also impact the individuals & institutions that seek general information about the impact & spread of the COVID-19 on the internet.

Possible Precautionary measures against the Coronavirus Ransomware Attacks

  1. Keeping the Operating System Updated- In order to remain protected and avoid such infections, it is recommended to keep your Operating System updated by enabling the automatic update on your system. The systems with outdated or older versions of Operating System become an easy target for the attackers.
  2. Resist clicking on spam emails – One of the major techniques used for malware distribution is forwarding spam emails to the user. The system gets infected as soon as the user clicks on the attachment. These mails appear to be genuine, so be aware and resist falling for these tricks.
  3. Keep an eye on third party installations- It is quite important that you take due care while installing any third party applications for they are major source of such infections. Such malware programs come bundled with the free applications thereby requiring the user to remain cautious.
  4. Regular periodical backup- In order to keep your data and files safe, it is recommended to take regular back up of all your data and files either on an external drive or cloud.
  5. Use Anti-Virus Protection- We strongly recommend the use of antivirus protection/internet security in your PC like Vipre and BULL GUARD so that it remains safe.
  6. Enable the Ad Blocker/Popup Blocker in your browser- Enabling the popup blocker/ ad blocker in your chosen browser will help you to stay protected from annoying adware.

Hits: 440

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866