Is the Coronavirus becoming an attack channel for ransomware?

Nowadays, everybody is aware of the term, ‘Novel Coronavirus.’ All over the world, 7.7 Billion people have gotten affected by Coronavirus directly or indirectly. It has impacted so badly that currently, entire mankind is frightened and worried about the future of their survival. As per sources, it originated in China and spread across the entire world so fast that it affected the daily routine of all the citizens in every country.  However, is the cybersecurity sphere seeing this pathological threat misused by hackers to launch ransomware also?

How is the Cyberworld aligned with this fact?

Cybercriminals took all possible advantage to steal valuable, personal and financial information through Coronavirus. There are cases wherein  spam emails have been sent that used the coronavirus as a motivator to get recipients to open emails designed to hack their systems. These malicious programs encrypted sensitive information of users on their systems and demanded large sums of money as ransom to decrypt locked data. Such campaigns are still on the rise.

We recently covered this phenomenon through one of our blogs. Now, find out the technicalities of one of the ransomware executions through the use of the Novel Coronavirus as a platform.

Execution of ransomware

Coronavirus ransomware is seen spreading through a fake website —if malicious file is downloaded from the fake website it executes the Coronavirus Ransomware. Upon execution of the ransomware file, it encrypts user files as well as file names stored on the infected system. It also renames the drive as Coronavirus as  seen in the below screenshot:

Fig 1: Encrypted Files

After this activity 15 minutes of ransom note will display on system reboot.

                                                                   Fig 2: Reboot Note

Ransomware Drops the below Ransom Note in each folder where files are encrypted:

Fig 3: Ransom Note

How Quick Heal helps:

 Quick Heal offers multilayered protection against this attack.

• Quick Heal detects the Ransomware malicious file as ‘TrojanDownloader.Upatre’ followed by our Total Ransomware protection, as well as Behavior-based detection, detecting and blocking the ransomware’s malicious activity. So it reduces the risk of the ransomware infection.
• Quick Heal Web Security detects and blocks the malicious link which is responsible for downloading the ransomware

                      Fig 4: URL Detection

Ransomware has become a perpetual threat for individual users and businesses too. Once it encrypts any files, it is impossible to decrypt the data unless a ransom is paid to the perpetrator. Given the extent of the damage any ransomware can do to your data, you must follow the recommended security measures mentioned below.

1. Always take backup of your important data on regular basis.
2. Update your antivirus software that can block infected emails, websites, and stop infections that can spread through USB drives.
3. Do not click on links or download attachments that arrive in emails from unwanted or unexpected sources.

Anita Ladkat