The COVID-19 outbreak is one of the scariest challenges our generation has faced, and hackers, scammers, and spammers have prepared new evade-and-infect methods to attack stressed-out victims. These fraudsters leverage various phishing methods to spread malware such as Remote Access Trojans, ransomware, spyware, and illicit cryptominers, using the COVID-19 pandemic as bait.
Though such attacks are primarily targeted at enterprises, such as those in the healthcare sector, these con artists are not sparing end-users. Cybercriminals send unsolicited emails about safety guidelines, real-time COVID-19 infection tracking maps, or charitable donations that contain malicious links or infected attachments.
Not all attacks directly leverage COVID-19. The heightened anxiety during this period, coupled with extensive use of the internet to manage most facets of daily life, has made people vulnerable in different ways. We have seen end-users targeted with a blended attack that combines ransomware, Bitcoin, and sextortion. It is an ingenious recipe, but let us first examine its ingredients.
Ransomware has become one of the favourite attack methods of cybercriminals. Milking money from victims has become a significant cause of computing disruption. The cyberattacker encrypts the victim’s data and will only decrypt it if the victim pays the ransom.
The healthcare industry has been the primary target of ransomware developers for years because threat actors exploit the health and safety factor to compel medical institutions’ administrators to pay the ransom. This has increased during the pandemic.
Brno University Hospital, a crucial COVID-19 testing centre in the Czech Republic, had its healthcare operations disrupted by ransomware until the Czech National Cybersecurity department and Czech Law Enforcement stepped in to restore its services. The Champaign-Urbana Public Health District in Central Illinois was also hit by ransomware, putting thousands of lives at stake.
Unlike the conventional data breach, the victim’s data need not leave the victim’s machine and need have value only to the victim. This means that any one of us can be a target because we all have private and confidential information that is of value to us.
…Blend with Bitcoin…
Bitcoin captured the public’s imagination when its value soared a few years ago. The cryptocurrency’s lustre has faded a bit now but it still has great value to cybercriminals, and particularly those who carry out ransomware attacks, because its transactions are anonymous.
An Android ransomware application called CovidLock locks the device’s display with a ransom prompt asking for $100 in Bitcoin in 48 hours. The advantages of using Bitcoin here are obvious: the victim can buy Bitcoin and pay the ransom online without the identity of the scammer being revealed.
…and Serve Sextortion
Sextortion combines these two ingredients and brings the evil dish to a boil with a sinister email that demands $1,000 in Bitcoin. The email’s threatening text says:
You may well be thinking why the hell would you do that? Very well, put together yourself because I am going to tremble your world right now. I had dangerous spyware and adware infecting your computer as well as record video of YOU (using your web camera) when you browsed ‘adult’ web sites.
Here is one of your own pass word ****.
Nonetheless don’t believe me? Reply 7 and I’ll be randomly share your video with 7 people you recognize (Yes, I’ve access to your contact list also).
Right now, what can I want to make this whole thing vanish? Very well, I have already mentioned the actual deal in starting of the e mail. If you dont fulfill it within Twenty four hours, I will create your life horrible by sending that video to Every person you know. Your time begins now.
The email sender threatens to destroy the social reputation of the victim unless they pay the ransom amount in Bitcoin within 24 hours. While this email may not directly reference the pandemic, it cleverly guesses that many people stuck at home with only the internet to entertain themselves may be indulging in embarrassing pleasures.
Such sextortion emails usually involve layers of social engineering techniques to intimidate their prey and psychologically compel them to click on a link to install ransomware. In such cases the fraudster claims to have a password (even when they don’t have one), to establish credibility. Once the ransomware is installed, the victim is at the mercy of the attacker even if they had been sceptical of the conman’s previous claims.
Stop Such Scams
Cyberattacks can exploit vulnerabilities in a device, network, or user, and users are particularly vulnerable right now. We are likely to see many diabolical attempts to trick and harm people during this pandemic. Follow these steps to avoid falling for such scams:
- Check the email sender’s ID carefully. If in any doubt, navigate to the official website and use its “Contact Us” page to verify the email domain
- Never click on any incoming links. Instead, go to the corresponding site and navigate to the link yourself
- Never call any number mentioned in an email
- Never click on any attachment sent by a person you don’t know
- Be suspicious of any message with a sense of urgency
- Ensure that your Endpoint Security or VPN is turned on while connecting to your infrastructure
- Disable Remote Desktop Protocol unless required
- Enable two-factor authentication (2FA) for all your work apps and related services. 2FA or multi-factor authentication helps protect you from potential hacks
- Don’t mix work and leisure. Never install or open any apps or services which could lead to a conflict with your work environment, apps, or services. Also, don’t let others use your work devices
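The sender check and the warning signs described above (a Bitcoin demand, a short deadline, a claimed password, a webcam recording) can also be screened for automatically. The following is an added example, not code from the original article: the sample message, the domains, the pattern list and the Reply-To comparison are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the sextortion email quoted above; the
# addresses and domains are made up for this example.
SAMPLE = """\
From: "Security Team" <alerts@examp1e-mail.test>
Reply-To: pay@other.test
Subject: Your time begins now

I recorded video of YOU (using your web camera). Here is one of your own
pass word ****. Pay $1,000 in Bitcoin. If you dont fulfill it within
Twenty four hours, I will send that video to Every person you know.
"""

# Traits the article attributes to these emails, as case-insensitive patterns.
INDICATORS = {
    "cryptocurrency_demand": r"\b(bitcoin|btc)\b",
    "deadline_pressure": r"\bwithin\s+(\d+|twenty[\s-]?four)\s+hours\b|\btime begins now\b",
    "claimed_password": r"\bpass\s?word\b",
    "webcam_recording": r"\bweb\s?cam(era)?\b",
    "exposure_threat": r"\b(contact list|every person you know|share your video)\b",
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw_email, trusted_domains):
    """Return the sorted list of warning flags raised by one raw email."""
    msg = message_from_string(raw_email)
    # Only single-part plain-text bodies are inspected in this example.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = [name for name, pattern in INDICATORS.items()
             if re.search(pattern, text, re.IGNORECASE)]
    sender = domain_of(msg.get("From"))
    if sender not in trusted_domains:
        flags.append("sender_domain_not_trusted")
    # Assumption: a Reply-To on a different domain is treated as suspicious.
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != sender:
        flags.append("reply_to_domain_mismatch")
    return sorted(flags)

if __name__ == "__main__":
    print(triage(SAMPLE, trusted_domains={"example.test"}))
```

A message that raises several of these flags at once should be reported and deleted rather than answered; the patterns are heuristics and will not catch every variant.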