In order to ensure social distancing protocols to control the spread of the COVID-19 pandemic, most companies have asked their employees to work from home as much as possible. Crypto companies are no exception as one of the industry giant, Coinbase, recently announced that will transition to a permanent remote-first workplace after the pandemic. However, according to a recent report, ransomware attacks are on the rise as more people continue to work from home.
A study which was recently published by cybersecurity firm, Proofpoint, reveals an increase in email-based phishing attacks used to deliver ransomware over the past few months. The researchers noted that, first-stage deployments of ransomware are reportedly on the rise. The U.S., France, Germany, Greece, and Italy have mostly been the targets.
According to the study, the attacks seem to be capitalizing on the influx of people now working from home amid the COVID-19 pandemic. It also noted that the ransom demands are very low compared to the amounts usually seen in similar attacks. Furthermore, the attackers often use native language lures and massages in their attacks. Notable among these ransomwares are Mr. Robot, Avaddon, Philadelphia, Darkgate and Ranion.
Each of these attackers encrypts the victim’s files and hold them ransom for payments. Daily volumes of messages can be as high as 350,000 in each campaign. Between June 4 and June 10, Avaddon alone featured in over 1 million messages. The researchers claimed they noted a variety of themes in these ransomware messages, including some that exploit COVID-19.
Mr. Robot in particular used a COVID-19 lure to persuade targeted users to click. Victims of these campaigns are sent messages claiming to be from departments of health services. These messages come with subjects lines like: “Your COVID19 results are ready / 85108”, “COVID19 virus analysis 83273”, and many others. Once the victim clicks on a link in the message, Mr. Robot ransomware installs, and a $100 payment demand appears.