{"id":88798,"date":"2020-03-30T16:23:19","date_gmt":"2020-03-30T10:53:19","guid":{"rendered":"https:\/\/blogs_admin.quickheal.com\/?p=88798"},"modified":"2020-03-30T23:26:33","modified_gmt":"2020-03-30T17:56:33","slug":"is-the-coronavirus-becoming-an-attack-channel-for-ransomware","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/is-the-coronavirus-becoming-an-attack-channel-for-ransomware\/","title":{"rendered":"Is the Coronavirus becoming an attack channel for ransomware?"},"content":{"rendered":"<p>Nowadays, everybody is aware of the term \u2018Novel Coronavirus.\u2019 All over the world, 7.7 billion people have been affected by the Coronavirus directly or indirectly. Its impact has been so severe that all of mankind is currently frightened and worried about its future survival. As per sources, it originated in China and spread across the entire world so fast that it affected the daily routine of all the citizens in every country. However, is the cybersecurity sphere also seeing this pathological threat misused by hackers to launch ransomware?<\/p>\n<h2>How is the Cyberworld aligned with this fact?<\/h2>\n<p>Cybercriminals have taken every possible advantage of the Coronavirus to steal valuable personal and financial information. There are cases in which spam emails used the coronavirus as a motivator to get recipients to open emails designed to hack their systems. These malicious programs encrypted users\u2019 sensitive information on their systems and demanded large sums of money as ransom to decrypt the locked data. Such campaigns are still on the rise.<\/p>\n<p>We recently covered this phenomenon <a href=\"https:\/\/bit.ly\/2vj0c6P\" target=\"_blank\" rel=\"noopener\">through one of our blogs<\/a>. 
Now, let us look at the technical details of one ransomware execution that uses the Novel Coronavirus as a platform.<\/p>\n<p><strong>Execution of ransomware<\/strong><\/p>\n<p>Coronavirus ransomware is seen spreading through a fake website: if the malicious file is downloaded from the fake website, it executes the Coronavirus ransomware. Upon execution, the ransomware encrypts user files as well as file names stored on the infected system. It also renames the drive to Coronavirus, as seen in the screenshot below:<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_88807\" aria-describedby=\"caption-attachment-88807\" style=\"width: 544px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-88807 size-full\" title=\"Fig 1: Encrypted Files\" src=\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2020\/03\/encryptedfiles.jpg\" alt=\"Encrypted Files\" width=\"544\" height=\"333\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/encryptedfiles.jpg 544w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/encryptedfiles-300x184.jpg 300w\" sizes=\"(max-width: 544px) 100vw, 544px\" \/><figcaption id=\"caption-attachment-88807\" class=\"wp-caption-text\"><strong>Fig 1:<\/strong> Encrypted Files<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>After this activity, the ransom note is displayed for 15 minutes on system reboot.<\/p>\n<figure id=\"attachment_88809\" aria-describedby=\"caption-attachment-88809\" style=\"width: 783px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-88809 size-full\" src=\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2020\/03\/reboot.png\" alt=\"\" width=\"783\" height=\"308\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/reboot.png 783w, 
https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/reboot-768x302.png 768w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/reboot-650x256.png 650w\" sizes=\"(max-width: 783px) 100vw, 783px\" \/><figcaption id=\"caption-attachment-88809\" class=\"wp-caption-text\"><strong>Fig 2:<\/strong> Reboot Note<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p>The ransomware drops the ransom note below in each folder where files are encrypted:<\/p>\n<figure id=\"attachment_88808\" aria-describedby=\"caption-attachment-88808\" style=\"width: 662px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-88808\" src=\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2020\/03\/Ransomnote.jpg\" alt=\"\" width=\"662\" height=\"289\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/Ransomnote.jpg 662w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/Ransomnote-300x131.jpg 300w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/Ransomnote-650x284.jpg 650w\" sizes=\"(max-width: 662px) 100vw, 662px\" \/><figcaption id=\"caption-attachment-88808\" class=\"wp-caption-text\"><strong>Fig 3:<\/strong> Ransom Note<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<p><strong>How Quick Heal helps:<\/strong><\/p>\n<p>Quick Heal offers multilayered protection against this attack.<\/p>\n<ul>\n<li>Quick Heal detects the malicious ransomware file as <strong>\u2018TrojanDownloader.Upatre\u2019<\/strong>, followed by our <strong>Total Ransomware protection<\/strong> and <strong>Behavior-based detection<\/strong>, which detect and block the ransomware\u2019s malicious activity. 
This reduces the risk of ransomware infection.<\/li>\n<li>Quick Heal Web Security detects and blocks the malicious link that is responsible for downloading the ransomware.<\/li>\n<\/ul>\n<figure id=\"attachment_88810\" aria-describedby=\"caption-attachment-88810\" style=\"width: 372px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-88810 size-full\" src=\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2020\/03\/URLDetection.jpg\" alt=\"URLDetection\" width=\"372\" height=\"232\" srcset=\"https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/URLDetection.jpg 372w, https:\/\/www.quickheal.com\/blogs\/wp-content\/uploads\/2020\/03\/URLDetection-300x187.jpg 300w\" sizes=\"(max-width: 372px) 100vw, 372px\" \/><figcaption id=\"caption-attachment-88810\" class=\"wp-caption-text\"><strong>Fig 4:<\/strong> URL Detection<\/figcaption><\/figure>\n<p>Ransomware has become a perpetual threat for individual users and businesses alike. Once it encrypts any files, it is impossible to decrypt the data unless a ransom is paid to the perpetrator. Given the extent of the damage any ransomware can do to your data, you must follow the recommended security measures mentioned below.<\/p>\n<ol>\n<li>Always back up your important data on a regular basis.<\/li>\n<li>Keep your antivirus software updated so that it can block infected emails and websites, and stop infections that can spread through USB drives.<\/li>\n<li>Do not click on links or download attachments that arrive in emails from unwanted or unexpected sources.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Nowadays, everybody is aware of the term, \u2018Novel Coronavirus.\u2019 All over the world, 7.7 Billion people have gotten affected by Coronavirus directly or indirectly. 
It has impacted so badly that currently, entire mankind is frightened and worried about the future of their survival. As per sources, it originated in China and spread across the entire [&hellip;]<\/p>\n","protected":false},"author":35,"featured_media":88832,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1725],"tags":[1721,534,50],"class_list":["post-88798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-coronavirus","tag-coronavirus","tag-cybersecurity","tag-ransomware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/88798"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=88798"}],"version-history":[{"count":17,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/88798\/revisions"}],"predecessor-version":[{"id":88843,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/88798\/revisions\/88843"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/88832"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=88798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=88798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=88798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}