While the fatal Coronavirus pandemic has swept across the globe, cybercriminals seem to be leveraging this global concern to the utmost. A new strain of file-encrypting malware, Coronavirus Ransomware, is currently posing a great threat to computer users around the world.
According to a recent tech report by RiskIQ, large businesses & corporations are the main targets of the new Coronavirus Ransomware.
An extensive analysis reveals that the threat actors first infect the systems with malware such as Emotet & AZORult & then carry out the new ransomware attack against the victims. Once the files are encrypted, the ransomware demands a ransom to be paid in Bitcoins to retrieve the encrypted data.
One of the cyber-security companies reported that the main objective of Coronavirus Ransomware developers is to deliver & install a nasty data-gathering Trojan named Kpot Infostealer.
This devious Trojan has been prevalent in the cyber-world for many years & is suspected to have received numerous changes. It is known for stealing sensitive user information such as passwords & login credentials from banking websites, gaming apps, web browsers & cryptocurrency wallets.
According to the sources, Coronavirus Ransomware Attacks will primarily target large corporations & businesses that depend on markets & supply chains in China & several Coronavirus-infected countries.
The reason: employees at these organizations have heightened their interest in the latest news, updates & developments related to the widespread, fatal COVID-19. This has made them potentially more susceptible to social engineering, which can trick them into clicking on malware-laden links & ultimately installing ransomware on their systems.
One of the strains of Coronavirus Ransomware Phishing E-mails reads as follows:
After installation, the ransomware takes over the system, encrypts files with the targeted extensions & thus restricts the users from accessing them. It then demands a hefty ransom in Bitcoins in exchange for the decryption tool & unique private key.
The analysis reveals that threat actors execute attack campaigns in layers. The system is first infected through phishing & other social engineering techniques. Once infected, the system is then completely taken over by delivering ransomware & other malware.
The researchers claim Coronavirus Ransomware is possibly using two techniques to spread the infection. Both techniques are said to be the result of the phishing campaigns.
The first spread technique involves the use of AZORult malware. It is said to be the source of the phishing campaign that was used to target the shipping industry earlier this year.
Since 2018, the researchers have witnessed the use of AZORult on at least 3 different occasions to install ransomware.
The second phishing campaign that delivers Coronavirus Ransomware uses the nasty Emotet Trojan. Most of the confirmed cases have been reported from Japan. The victims received devious e-mails that claimed to contain vital information about the Coronavirus epidemic. However, a mere click on the given link would install & activate Emotet on the user’s system.
The reports state that in September 2019, Emotet developers partnered with TrickBot & Ryuk Ransomware. The alliance was formed to take over an organization’s network completely.
Secondary targets of the Coronavirus Ransomware could include health organizations & public health departments that are continuously involved in tracking the spread of the virus, providing medical assistance & finding the cure. It could also impact individuals & institutions that seek general information on the internet about the impact & spread of COVID-19.