Fake COVID-19 Tracking App Spreads Punisher Ransomware

Currently, the new campaign involving Punisher ransomware is targeting users in Chile.

Remember when malicious actors were spreading Nerbian RAT through fake WHO Safety emails on COVID-19? If you believe that threat actors and scammers have given up on COVID-19-related scams, you are wrong: Punisher ransomware is now being spread with the help of fake COVID-19 tracking apps.

New Scam on the Block

It is just as important now to access reliable sources for COVID-related updates as it was back when the pandemic was at its peak. That’s because researchers at Cyble Research and Intelligence Labs (CRIL) have discovered a brand-new variant of Punisher ransomware that’s being distributed through a bogus COVID-19 tracker app hosted on a COVID-19-themed site (covid19digitalhealthconsultingcl).

Ransom note of Punisher Ransomware

Attack Analysis

Since this COVID-19 scam involves ransomware, the malicious activities start right after the malware infiltrates the system. It quickly appends data to ransom notes, including the victims’ unique ID, system ID, BTC address, infection date, and JavaScript codes.

After this is done, a timer is started so that the ransom amount keeps increasing as time passes. The ransom note is displayed on the Desktop, Startup, and Start menus as a shortcut to a file titled “unlock your files.ink.” Punisher encrypts the following data on the targeted device:

  1. AlertingUser
  2. RetrieveFiles
  3. CheckConnection
  4. GeneratePassword
  5. GenerateSystemID
  6. MakeConnection

Who are the Targets?

The attackers are targeting individuals in Chile in this campaign, and for file decryption, they are demanding $1000 in bitcoin. Researchers believe the attackers are targeting individuals and not corporations for this scam.

Their analysis is based on the modus operandi, the use of Punisher ransomware, and the malware’s use of the AES-128 symmetric algorithm to encrypt data.

How to Stay Protected?

You must exercise caution when accessing or downloading COVID-19-related apps or sites. Prefer downloading applications from authentic sources. Moreover, it is necessary to conduct regular backups, enable auto-updates, and install the best antivirus solutions. Also, avoid clicking on attachments in emails from unverified or unknown sources.

If you suspect your device may be affected by the ransomware, immediately detach all other devices sharing the network and external storage (if any), and keep monitoring the system logs for suspicious activities.
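When checking a suspect Windows machine, one quick triage step is to look for the ransom-note shortcut in the locations named in the analysis above. The script below is an added example, not code from CRIL or from the original article. It matches only the file stem "unlock your files" quoted in the article and ignores the extension, and the folder paths it builds are the standard Windows Desktop and Start Menu locations (an assumption, since the article gives no full paths).

```python
import os
from pathlib import Path

# Stem of the ransom-note shortcut as named in the article; the extension is
# deliberately not matched.
NOTE_STEM = "unlock your files"


def default_roots(env=os.environ):
    """Standard Desktop and Start Menu folders (Startup sits under Start Menu).

    Assumed default Windows locations; redirected profiles need extra roots.
    """
    roots = []
    if env.get("USERPROFILE"):
        roots.append(Path(env["USERPROFILE"]) / "Desktop")
    for var in ("APPDATA", "PROGRAMDATA"):  # per-user and all-users Start Menu
        if env.get(var):
            roots.append(Path(env[var]) / "Microsoft" / "Windows" / "Start Menu")
    return roots


def find_note_shortcuts(roots, stem=NOTE_STEM):
    """Return sorted paths under roots whose name, minus extension, equals stem."""
    wanted = stem.casefold()
    hits = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue  # folder absent on this host, nothing to scan
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if Path(name).stem.casefold() == wanted:
                    hits.append(Path(dirpath) / name)
    return sorted(hits)


if __name__ == "__main__":
    found = find_note_shortcuts(default_roots())
    for path in found:
        print(f"possible Punisher ransom-note shortcut: {path}")
    # Non-zero exit lets a fleet-wide job flag hosts that need isolation.
    raise SystemExit(1 if found else 0)
```

A hit is only an indicator that the note was dropped; absence of the shortcut does not show the host is clean.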
