Punisher ransomware disguises itself as a COVID tracking app


Threat actors still leverage the COVID-19 pandemic to lure victims into a trap.

If you still track COVID-related information, make sure you get your updates from trustworthy sources.


Researchers at Cyble recently discovered a new variant of Punisher ransomware spreading through a fake COVID tracking application and targeting users in Chile.

After infecting the system, the ransomware “appends data to ransom notes such as System ID, unique identifier of each victim, BTC address for the ransom payment, date of infection, and JavaScript codes to start the timer, which will also increase the ransom amount after a specific timeframe.”

Victims discover the ransom note as a shortcut to a file named “unlock your files.lnk” on the Desktop and in the Startup and Start menus.
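A triage check for the shortcut described above, as an added example that is not from Cyble's report or the original article: it searches each user profile's Desktop and Start Menu tree (which contains Startup) for the reported file name. The folder layout, the `C:\Users` root and the function name are assumptions based on a standard Windows profile.

```python
import os
from pathlib import Path

NOTE_NAME = "unlock your files.lnk"  # shortcut name reported in the article

# Assumption: standard per-user Windows folder layout. The article names only
# "Desktop, Startup, and Start menus", not exact paths.
START_MENU = Path("AppData/Roaming/Microsoft/Windows/Start Menu")
SEARCH_DIRS = {"desktop": Path("Desktop"), "start_menu": START_MENU}


def find_ransom_note_shortcuts(users_root):
    """Return sorted (location, path) pairs for every matching shortcut."""
    hits = []
    root = Path(users_root)
    if not root.is_dir():
        return hits
    for profile in (p for p in root.iterdir() if p.is_dir()):
        for location, rel in SEARCH_DIRS.items():
            base = profile / rel
            # Walk recursively so Start Menu/Programs/Startup is covered.
            for dirpath, _dirs, files in os.walk(base):
                for name in files:
                    # Windows file names are case-insensitive, so compare folded.
                    if name.casefold() != NOTE_NAME:
                        continue
                    # A copy in Startup is opened at every logon, so label it.
                    in_startup = Path(dirpath).name.casefold() == "startup"
                    label = "startup" if in_startup and location == "start_menu" else location
                    hits.append((label, str(Path(dirpath) / name)))
    return sorted(hits)


if __name__ == "__main__":
    # C:\Users is the default profile root on Windows (assumption).
    for label, path in find_ransom_note_shortcuts(r"C:\Users"):
        print(f"{label:<10} {path}")
```

A match on the file name alone is a lead for further investigation, not proof of infection.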

The attackers demand $1000 in Bitcoin for decrypting files.

[Image: Punisher ransom note]

Judging from its techniques and the ransom amount, it appears that the criminals behind the Punisher ransomware target individuals rather than large corporate networks.

“The files encrypted by this ransomware can also be easily decrypted as it uses AES-128 symmetric algorithm for its encryption,” Cyble concluded.

Therefore, users should be cautious and download COVID-19-related applications only from verified sources, conduct regular backups, turn on automatic software updates, use a reputable antivirus, and refrain from clicking on unverified links and email attachments.
