skip to Main Content
+44 (0) 1628 308038

Netwalker Ransomware Infecting Users via Coronavirus Phishing

Coronavirus Phishing

As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware.

While we do not have access to the actual phishing email being sent, MalwareHunterTeam was able to find an attachment used in a new Coronavirus phishing campaign that installs the Netwalker Ransomware.

Netwalker is a ransomware formerly called Mailto that has become active recently as it targets the enterprise and government agencies. Two widely reported attacks related to Netwalker are the ones on the Toll Group and the Champaign Urbana Public Health District (CHUPD) in Illinois.

The new Netwalker phishing campaign is using an attachment named “CORONAVIRUS_COVID-19.vbs” that contains an embedded Netwalker Ransomware executable and obfuscated code to extract and launch it on the computer.

Due to the ongoing Coronavirus pandemic, threat actors have actively started using the outbreak as a theme for their phishing campaigns and malware.

We have seen the TrickBot trojan using text from Coronavirus related news stories to evade detection, a ransomware called CoronaVirus, the data-stealing FormBook malware spread through phishing campaigns, and even an email extortion campaign threatening to infect your family with Coronavirus.

This has led to the US Cybersecurity and Infrastructure Security Agency (CISA) to issue warnings about the rise of Coronavirus-themed scams and the World Health Organization (WHO) to release warnings of phishing scams impersonating their organization.

Attackers are always shifting their methods to stay ahead of defenders. New-school security awareness training can help your users keep up with the constantly changing threat environment, especially when more of them (or all) are working remotely.

With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST Results

Here’s how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)

Customise the phishing test template based on your environment

Choose the landing page your users see after they click

Show users which red flags they missed, or a 404 page

Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management

See how your organisation compares to others in your industry.

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

Close search
Back To Top