© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Punisher ransomware disguises as a COVID tracking app


Threat actors still leverage the COVID-19 pandemic to lure victims into a trap.

If you still track COVID-related information, make sure you get your updates from trustworthy sources.

Researchers at Cyble recently discovered a new variant of Punisher ransomware spreading through a fake COVID tracking application and targeting users in Chile.

After affecting the system, the ransomware “appends data to ransom notes such as System ID, unique identifier of each victim, BTC address for the ransom payment, date of infection, and JavaScript codes to start the timer, which will also increase the ransom amount after a specific timeframe.”

Victims discover ransom notes as a shortcut to a file named “unlock your files.lnk” on the Desktop, Startup, and Start menus.

The attackers demand $1000 in Bitcoin for decrypting files.

Punisher ransom note

Judging from its techniques and the ransom amount, it appears that criminals behind the Punisher ransomware target individuals rather than large corporate networks.

“The files encrypted by this ransomware can also be easily decrypted as it uses AES-128 symmetric algorithm for its encryption,” Cyble concluded.

Therefore, users should be cautious and download COVID-19-related applications only from verified sources, conduct regular backups, turn on automatic software updates, use a reputed antivirus, and refrain from clicking on unverified links and email attachments.


More from Cybernews:

IKEA posted on ransomware gang’s leak site

Escort ad spam used to drown out China COVID protests

Return of Bob Iger hints at Disney's metaverse plans

Maple Leaf Foods added to ransomware gang’s victim list

Are AR glasses destined to replace smartphones?

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked