‘CovidLock’ Exploits Coronavirus Fears With Bitcoin Ransomware

Published at: March 14, 2020

Opportunistic hackers are increasingly seeking to dupe victims using websites or applications purporting to provide information or services pertaining to coronavirus.

Cybersecurity threat researchers at DomainTools have identified that the website coronavirusapp.site facilitates the installation of a new ransomware called “CovidLock.”

The website prompts its visitors to install an Android application that purportedly tracks updates regarding the spread of COVID-19, claiming to notify users when an individual infected with coronavirus is in their vicinity using heatmap visuals.

CovidLock ransomware launches screen lock attack on unwitting victims

Despite appearing to display certification from the World Health Organization and the Centers for Disease Control and Prevention, the website is a conduit for the ‘CovidLock’ ransomware — which launches a screen lock attack on unsuspecting users.

Once installed, CovidLock alters the lock screen on the infected device and demands a payment of $100 worth of BTC in exchange for a password that will unlock the screen and return control of the device to the owner. 

If a victim does not pay the ransom within 48 hours, CovidLock threatens to erase all of the files that are stored on the phone — including contacts, pictures, and videos.

The program displays a message intended to scare users into compliance with its demand, stating: “YOUR GPS IS WATCHED AND YOUR LOCATION IS KNOWN. IF YOU TRY ANYTHING STUPID YOUR PHONE WILL BE AUTOMATICALLY ERASED.”

DomainTools claims to have reverse engineered the decryption keys for CovidLock, adding that they will publicly post the key.

Coronavirus-themed websites are 50% more likely to be malicious

According to cyber threat analyst Check Point, coronavirus-themed domains are 50% more likely to be a front for malicious actors than other websites.

Since January 2020, the firm estimates that more than 4,000 domain names that relate to the coronavirus have been registered globally — 3% of which are deemed to be “malicious,” and 5% of which are described as “suspicious.”

U.K. public lose $1 million to coronavirus scams

On March 11, the U.K. Financial Conduct Authority warned of an increasing proliferation of coronavirus-themed scams, including investment scams fraudulently offering investments in crypto assets.

According to the U.K. National Fraud Intelligence Bureau (NFIB), many malicious sites are offering maps and visualizations tracking the spread of coronavirus — much like CovidLock. An NFIB representative stated:

“They claim to be able to provide the recipient with a list of coronavirus infected people in their area. In order to access this information, the victim needs to click on a link, which leads to a malicious website, or is asked to make a payment in bitcoin.”

The NFIB estimates that coronavirus-themed scams have already defrauded the British public out of roughly $1 million.
