Coronavirus Phishing Attacks Now Reportedly Delivering Netwalker Ransomware
According to reports, overworked members of the healthcare sector are being targeted with coronavirus-themed phishing emails
While the world fights the Covid-19 pandemic, hackers remain very active and are targeting various sectors with illicit intent. According to a current report, the healthcare sector is under great stress due to problems such as a lack of medical equipment and a shortage of bed space. Cyber criminals, however, are ignoring the global crisis and targeting those healthcare providers with malware for their own financial profit.
Judging by the latest email scams, the developers of Netwalker ransomware are not concerned about the global crisis and simply want illegal financial profit, no matter how much difficulty the world and the healthcare sector face in fighting the pandemic. According to a Twitter post by Vitali Kremez, head of the cybersecurity firm SentinelLabs, the body of the email has not yet been found; however, the emails were found delivering malicious attachments that carry Netwalker ransomware.
“Another Ransomware Extortionist Group “#NetWalker” Spotted Attacking Healthcare AND Leveraging #CoronaVirus Phishing Lures”
Coronavirus-themed phishing attacks have increased throughout the world, since the pandemic is naturally a matter of public interest, and cyber security experts, along with government institutions such as CISA, have issued a number of warnings about the increase in attacks related to the Covid-19 outbreak. Cyber crime masterminds are impersonating the WHO with rogue donation requests, and a fake pandemic heat map was recently found that actually runs the AZORult banking trojan in the system background, among many other schemes.
“CORONAVIRUS_COVID-19.vbs.vbs” file is being used to launch malware on targeted machines
In the newly found phishing campaign, the Netwalker ransomware developers are using an attachment with an embedded executable script. The attached file is named “CORONAVIRUS_COVID-19..vbs.vbs”; running it extracts an executable named qeSW.exe, which is placed in the TEMP directory. The malware then uses a built-in API to insert malicious code into Windows Explorer, a technique known as Hollowing. As a result, Netwalker can make the same changes other ransomware makes, including deletion of Shadow Volume Copies, termination of anti-malware apps, modifications to Windows Registry settings, and so on.
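As an added example that is not part of the original report, the following Python sketch shows how a mail gateway or triage script could flag attachment names shaped like the one described above. The function name, the extension lists and every sample name other than the two spellings quoted in this article are assumptions constructed for illustration.

```python
import re

# Extensions Windows will execute on double-click.
# Assumption: an illustrative list, not an exhaustive blocking policy.
ACTIVE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
               "exe", "scr", "bat", "cmd", "ps1", "lnk"}
# Extensions users read as harmless documents (used to spot decoys).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def triage_attachment(filename):
    """Return the reasons an attachment name is suspicious (empty list = clean)."""
    reasons = []
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    if re.search(r"\.{2,}", name):
        reasons.append("consecutive dots")
    # Split on dots, discarding empty pieces and padding around extensions.
    parts = [p.strip() for p in name.split(".") if p.strip()]
    # A name that begins with a dot has no base name: every part is an extension.
    exts = parts if name.startswith(".") else parts[1:]
    if not exts:
        return reasons
    final, prior = exts[-1], exts[:-1]
    if final in ACTIVE_EXTS:
        reasons.append("active content: ." + final)
        if prior and prior[-1] == final:
            reasons.append("repeated extension")
        elif prior and prior[-1] in DECOY_EXTS:
            reasons.append("decoy extension before ." + final)
    return reasons


if __name__ == "__main__":
    # The first two names are the spellings quoted in this article;
    # the rest are constructed samples.
    for sample in ["CORONAVIRUS_COVID-19.vbs.vbs",
                   "CORONAVIRUS_COVID-19..vbs.vbs",
                   "invoice.pdf      .exe ",
                   "ward-rota.v2.pdf"]:
        print(repr(sample), "->", triage_attachment(sample) or "clean")
```

A name-based check like this is only a first filter; it does not inspect the attachment's content, so it complements rather than replaces content scanning.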
When its preparations are complete, the ransomware starts encrypting all files stored on the computer, both local files and those saved on connected network locations. Following encryption, the files are appended with a custom string and a new file extension. Finally, the ransomware drops a ransom note on the computer named [extension]-Readme.txt, which tells users that paying a specified ransom is essential to retrieve their encrypted files.
Unfortunately, no free decryption software is available, as this ransomware has not yet been cracked. However, lost or encrypted data can be restored from backups. This ransomware is mostly disrupting healthcare organizations such as hospitals, along with other parties dealing with the crisis. Some cyber crime masterminds also steal sensitive data during the infection in order to publish it online if the demanded ransom is not paid within the specified time limit, which makes matters worse.
Netwalker ransomware is responsible for other attacks too
In the midst of the global pandemic, a number of well-known cyber crime gangs behind malware strains such as Maze ransomware claimed that they would not attack healthcare organizations dealing with the Covid-19 crisis. They claimed that if their malware affected such organizations during the pandemic, decryption keys and tools would be offered free of charge. However, not all cyber crime groups can be relied on, as some continue to infect the healthcare sector despite the Covid-19 outbreak.
There is little doubt that ransomware, once it attacks a machine, will significantly disrupt the operations of hospitals as well as the supply chains that manufacture and deliver required equipment when it is needed. Although some cyber criminal groups have promised to stop their malicious activities during the pandemic, a number of groups are still willing to abuse targeted sectors for their personal gain.