Login

Register

Login

Register

#cybersecurity | Is the Coronavirus becoming an attack channel for ransomware?


Estimated reading time: 3 minutes

Nowadays, everybody is aware of the term, ‘Novel Coronavirus.’ All over the world, 7.7 Billion people have gotten affected by Coronavirus directly or indirectly. It has impacted so badly that currently, entire mankind is frightened and worried about the future of their survival. As per sources, it originated in China and spread across the entire world so fast that it affected the daily routine of all the citizens in every country.  However, is the cybersecurity sphere seeing this pathological threat misused by hackers to launch ransomware also?

How is the Cyberworld aligned with this fact?

Cybercriminals took all possible advantage to steal valuable, personal and financial information through Coronavirus. There are cases wherein  spam emails have been sent that used the coronavirus as a motivator to get recipients to open emails designed to hack their systems. These malicious programs encrypted sensitive information of users on their systems and demanded large sums of money as ransom to decrypt locked data. Such campaigns are still on the rise.

We recently covered this phenomenon through one of our blogs. Now, find out the technicalities of one of the ransomware executions through the use of the Novel Coronavirus as a platform.

Execution of ransomware

Coronavirus ransomware is seen spreading through a fake website —if malicious file is downloaded from the fake website it executes the Coronavirus Ransomware. Upon execution of the ransomware file, it encrypts user files as well as file names stored on the infected system. It also renames the drive as Coronavirus as  seen in the below screenshot:

 

Fig 1: Encrypted Files

 

 

After this activity 15 minutes of ransom note will display on system reboot.

                                                                   Fig 2: Reboot Note

 

Ransomware Drops the below Ransom Note in each folder where files are encrypted:

Fig 3: Ransom Note

 

How Quick Heal helps:

 Quick Heal offers multilayered protection against this attack.

  • Quick Heal detects the Ransomware malicious file as ‘TrojanDownloader.Upatre’ followed by our Total Ransomware protection, as well as Behavior-based detection, detecting and blocking the ransomware’s malicious activity. So it reduces the risk of the ransomware infection.
  • Quick Heal Web Security detects and blocks the malicious link which is responsible for downloading the ransomware
URLDetection

                      Fig 4: URL Detection

Ransomware has become a perpetual threat for individual users and businesses too. Once it encrypts any files, it is impossible to decrypt the data unless a ransom is paid to the perpetrator. Given the extent of the damage any ransomware can do to your data, you must follow the recommended security measures mentioned below.

  1. Always take backup of your important data on regular basis.
  2. Update your antivirus software that can block infected emails, websites, and stop infections that can spread through USB drives.
  3. Do not click on links or download attachments that arrive in emails from unwanted or unexpected sources.

Have something to add to this story? Share it in the



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW