Cybercriminals are taking advantage of the logical interest generated by this pandemic to spread powerful ransomware that establishes itself in the boot records of the computers it infects, requesting a ransom to recover the data stored on that computer.
Current topics arouse users’ interest, and if that news revolves around one of the most severe pandemics in history, welfare is assured.
According to ESET’s security barometer, Spain and Latin America have been the preferred targets of attackers in recent weeks. All types of ransomware, banking malware and phishing campaigns related to COVID-19 have been used.
The most common threat these days is starring a series of emails that official bodies identify. For example, the Ministry of Health or the General Directorate of Traffic is impersonated with alleged health recommendations. Or on how to act during the confinement period.
These emails contained files or links that served as a gateway for the attack in the form of Netwalker ransomware that could have attacked healthcare infrastructures and MBRLockers, which install themselves in the Windows Master Boot Record (MBR). And prevent the computer from starting the operating system.
MBRLockers stem from such significant threats as Petya and GoldenEye. This wreaked havoc in 2017 in the wake of Wannacry, that caused more than $ 1.4 billion in losses among the world’s leading companies.
Cybercriminals’ unscrupulousness has reached the limit of baptizing one of the malware used to extort users and companies as a coronavirus. Whose executable materializes as COVID-19.exe.
Avast and SonicWall analyzed the MBRLocker Coronavirus. And found that it executes its attack by creating a background process that backs up the boot drive’s MBR. And replaces it with a modified MBR that prevents access to the system.
This threat has found a perfect breeding ground in social networks and memes. You are spreading massively through memes, jokes, or messages related to the coronavirus. When you download or open them, the script is executed. And the threat installs itself on the computer and is blocked.