Cyber criminals are preying on fear with Coronavirus themed ransomware

Cyber security

This piece is written by Dr Paul Haskell-Dowland, Associate Dean for Computing and Security at ECU.

Just as the public are getting to grips with the COVID-19 fallout, cyber criminals are taking advantage of the wave of fear around the virus. 

This isn’t a new technique, and certainly will not be the last time that major events, incidents and emergencies are misused by scammers with a desire to profit.

Here’s one example of a coronavirus ransomware scam.

What is CovidLock Ransomware

A recent example of malicious software, Covidlock, has targeted the Android operating system with a dedicated ransomware attack. Users are tricked into installing a tool to track the coronavirus’ spread across the globe. This application purports to offer users a mechanism to visualise outbreaks and track statistics, but in reality, it conceals ransomware that locks the user out of their device.

Ransomware is a particularly dangerous form of malicious software (malware).  In most cases, ransomware locks a user out of their files by encrypting them with a secret password that is only returned to the user once they pay the ransom (usually paid with bitcoin).

CovidLock follows this model by demanding $100 in bitcoin to unlock the device.  Although, at present, it seems that the users’ files are not actually encrypted (made inaccessible).  Instead, it is the pin code for the device itself that is manipulated.

Using a ‘screen lock attack’ is an interesting approach that differs from the more usual ransomware approach of encrypting files.  Users failing to pay the ransom will allegedly have their data wiped with further threats that their social media accounts will be made public.

The CovidLock example has the potential to be particularly successful for scammers as it plays on the victims’ concerns regarding coronavirus. The app claims to notify the user when they are in close proximity to an infected person. It is understandable why this may be a desirable feature at a time when fear of exposure is growing.

Fortunately, it seems that this particular approach has not yet secured significant returns for the criminals. It is, however, likely that this will change over time.

It isn’t just malware that is targeting users.  There are traditional scams that prey on a desire for information or products in relation to the outbreak.  With thousands of websites having been registered this year, the UK National Fraud Intelligence Bureau (NFIB) has collected evidence of scams and crimes exceeding $1.5m so far this year.

How to protect yourself from cyber attacks

As with most cyber incidents, users can effectively defend themselves with simple measures.

Use approved apps

By using approved sources for apps, users can protect themselves against many threats.  For Android devices, the Google Play Store offers a level of reassurance against malware (although not complete immunity). Users who install unauthorized software from websites or stores are likely to face greater risks.

Understand required device permissions

Thinking about the permissions being granted to apps is also important.  CovidLock can only successfully lock the device when granted certain permissions (specifically access to the lock screen).

Think twice

Thinking twice about too-good-to-be-true opportunities – it is clearly impossible for an app to know if you are in proximity of an infected individual. The required data is not available to offer such services to the public.  Even if it was possible, it would be a significant breach of privacy and would represent a major threat to personal safety.

Good cyber-hygiene keeps your data safe

Cyber-criminals are no different to those committing crimes in the physical world.  The Coronavirus outbreak is merely a business opportunity for those motivated to exploit weaknesses.

Just as we are directed to follow social-distancing and good personal hygiene to combat infection; it is through education and cyber-hygiene that users can avoid compromise.