COVID-19 lures, vector of the Punisher ransomware

December 12, 2022

A new strain of the Punisher ransomware has been spotted targeting users from Chile. Based on reports, the ransomware operators used a fake COVID-19 tracking application as a lure and vector to distribute their malware.

Despite the availability of vaccines and the relaxation of COVID-19 protocols, researchers are still receiving reports of threat campaigns that use pandemic-related tools, such as tracking apps, as lures.

The researchers discovered the phishing website used for the lure on a domain named covid19[.]digitalhealthconsulting[.]cl. The domain hosts a fake website that delivers the ransomware disguised as a COVID-19 tracking app.


The Punisher ransomware uses a free template for its ransom note.


An investigation revealed that the Punisher ransomware operators utilise a free template of a ransom note, which they customise by adding details specific to each target.

The ransom note was spotted by analysts in a file shortcut dubbed ‘unlock your files[.]lnk’ that contains a demand statement for the target to pay $1000 worth of Bitcoin in exchange for the decryption key.

The low ransom demand implies that the campaign targets individual users rather than large groups or big organisations.

Furthermore, the ransomware adds data to the ransom note, such as a System ID that serves as a unique identifier for each victim. A BTC address and the date of infection are also included in the ransom note.

The actors also include JavaScript code in the note that starts a countdown timer, increasing the ransom amount each time a deadline expires.

Fortunately, the researchers explained that files encrypted by the ransomware could be decrypted by anyone with the necessary expertise, since it uses the AES-128 symmetric encryption algorithm.

Cybersecurity experts suggested that users follow the cybersecurity measures provided by security solutions to keep their devices and data safe from cyberattacks such as ransomware.

Keeping software and systems updated on all devices is also needed to reduce the chances of exploitation. Lastly, users should only download COVID-19 applications from official websites, app stores, or other trusted sources.
