
CovidLock Ransomware

Posted: March 17, 2020

The CovidLock Ransomware is a screen-locking Trojan that blocks Android devices by forcing a password change and displays an extortionist pop-up. The CovidLock Ransomware circulates through fake Coronavirus-tracking applications on fraudulent websites. Users should curate their downloads carefully for potential risks, let anti-malware tools remove the CovidLock Ransomware and similar threats as appropriate, and use the publicly-known key for unlocking their devices.

Coronavirus Continuing to Make Waves throughout the Threat Landscape

While the COVID-19 epidemic is leaving significant economic disruption in its wake, threat actors are turning lemons into lemonade by plundering victims and concerned citizenry. The CovidLock Ransomware is a recent example of such fraud in action, arriving at the same time as the attacks of the CoronaVirus Ransomware and Vicious Panda's fake disease documents. The CovidLock Ransomware, while similar in delivery mechanisms to Vicious Panda's tactic and similar in payload to the CoronaVirus Ransomware, offers some slight spins on the fraud in question.

Malware experts determine that the CovidLock Ransomware is specific to Android devices, such as phones, rather than Windows and other desktop-style environments. An unidentified threat actor is using a fake Coronavirus awareness website to promote the Trojan's installer as an application for monitoring the epidemic. The site markets the application with features such as individual-specific heatmap-tracking and real-time proximity alerts, which makes it resemble a high-value utility to any gullible Web surfers.

After installation, the CovidLock Ransomware doesn't encrypt files, as most ransom-oriented Trojans do. Instead, its attacks lock the device by forcing a password change and protecting the new one with encryption. The CovidLock Ransomware also displays a pop-up alert that demands a Bitcoin ransom and threatens users with a deadline, after which the criminal supposedly leaks their social media and destroys all contacts and media on the phone. However, malware experts see no evidence of the latter feature in samples to date, which makes the threat a likely bluff.

Simple Keys for Simple-Minded Tactics

Unlike the majority of file-locking Trojans that it resembles so closely, the CovidLock Ransomware doesn't use a secure encryption method on its key-generating routine. By the time of this article's publication, resources for 'unlocking' the phone freely should be available on the Web. Nonetheless, such happy endings aren't endemic to all Trojans with screen-locking or data-encrypting properties, and users should continue saving backups on secondary devices for their recovery needs.

The CovidLock Ransomware also is part of an overall surge in Coronavirus-themed, corrupted websites. Sites offering unusual disease-tracking or alert features are more likely to be harmful to users than otherwise, especially if they're using suspicious addresses like the CovidLock Ransomware's 'coronavirusapp.site.' Users can mitigate the danger significantly by sticking to official application resources like Google's Play Store (although that repository has issues of its own, a la Agent Smith, Haken, etc.).

Anti-malware products compatible with Android should encounter few issues with blocking the CovidLock Ransomware or deleting the CovidLock Ransomware infections (after the user overcomes the lock screen).

Criminals don't take holidays when disaster strikes. While users juggle their many responsibilities during an outbreak, the CovidLock Ransomware adds one more problem to the ever-growing pile – and the fact that it attacks phones instead of bodies scarcely makes it any less deadly.
