The COVID-19 Pandemic and Ransomware

In recent months, cybercriminals have started to exploit the COVID-19 pandemic for their own financial gain with a string of ransomware attacks.

Increasingly, cybercriminals are exploiting people’s fears, luring them into installing malicious software. Common ways that are currently being deployed include information about masks, hand sanitiser and vaccines, bogus track and trace apps, financial scams taking advantage of the precarious situation of millions around the world, and video and audience conference apps like Zoom. Sometimes, cybercriminals are resorting to encryption, followed by a “double extortion” to decrypt the data and prevent sensitive contents from being leaked – this is known as doxware.

The creators of the DoppelPaymer family of ransomware have claimed to have stolen and encrypted data from the local government of Torrance, California. The data purportedly includes personal information relating to the city’s 150,000 population, and the cybercriminals have demanded 100 bitcoins, around $700,000. The press release put out by the city in the aftermath of the attack claimed that there had simply been a “digital compromise”, with no mention of a ransomware attack. While the city has claimed that no data relating to its inhabitants had been encrypted and stolen, Doppel Leaks published sample files from the city’s budget, as well as personal information concerning the City Manager. The personal details that are allegedly in the hands of the cybercriminals behind the ransomware includes names, date of births, financial transactions and social security numbers. The hackers are threatening to release this information in a “double extortion” scam, demanding not only a ransom payment in return for the decryption key, but also in return for keeping the personal information stolen private.

Mobile users are also being targeted by ransomware. According to researchers at the cybersecurity firm ESET, an app being distributed on multiple websites, purporting to be an official COVID-19 tracing app from the Canadian government, is in fact ransomware. Canadian Prime Minister Justin Trudeau had announced that a track and trace app to help contain the spread of coronavirus, known as COVID Alert, and only two days later the fake app appeared online. Researchers at ESET have created a decryption tool for the CryCryptor app, allowing users to recover their data. But the fake COVID Alert app is not alone – Anomali have identified twelve COVID-19 track and trace apps, targeting multiple countries, affecting Android devices.

It is important to remain vigilant against ransomware and other malicious software, especially during the pandemic. Make sure you only visit trusted, official websites, especially when downloading software. You should also be especially careful when opening email attachments; is the message you received containing a link to a government welfare scheme or track and trace app genuine? Finally, do not give out any personal details to unknown websites.