New "Coronavirus" Malware Targets Windows Users
Researchers have discovered multiple computer viruses and destructive software (malware) that use coronavirus and COVID-19 themes, and we expect these attacks to increase. These malware programs can be significantly damaging to systems and the data they maintain.
Malware called COVID-19.exe disables the victim’s ability to remove an alerting message, while destroying the computer’s master boot record. This effectively makes the computer non-functional.
An additional malevolent software tool masquerading as “coronavirus ransomware” displays ransomware messaging, but is actually malware that disables the master boot record and exfiltrates user passwords. A coronavirus-themed trojan program leaves users with a blinking cursor and a blank screen with a “your computer has been trashed” message.
This malware has been delivered through frequently-used methods, including via malicious email attachments, phishing campaigns, file downloads, fake applications, etc. To date, no specific repair or prevention tools have been noted.
ACA Guidance
We recommend that individuals and companies as a whole take extra precautions to protect themselves from coronavirus-related malware using COVID-19 as a pretense, and from any related criminal actions. Recommended procedures include:
- Ensure that all operating system, anti-malware, and device patches are regularly installed via a mandatory patching policy.
- Ensure that device patching programs reach and are enforced for users in the work from home environment.
- Implement a continuing user training program, focusing on prevention of phishing, spearphishing, and other forms of social engineering.
- Perform a cybersecurity risk assessment, in which potential areas of risk are located, and controls are subsequently detailed.
- Test network vulnerability with internal and external penetration testing.
- Ensure that access to networks and devices are closely monitored and authenticated. Enforce a strong password policy, while simultaneously using multi-factor authentication.
Additional Resources
ACA is actively monitoring the developments related to COVID-19 and producing resources to help your firm address operational challenges created by this pandemic. Visit our COVID-19 Resources page to access all of the resources we've developed that may help your firm navigate through the restrictions in place to curb the pandemic.
How We Help
ACA Aponix offers a range of solutions that can help your company reduce its cyber risk and maintain operational resilience during the COVID-19 pandemic. These include:
- Free Online Cybersecurity Training
- Phishing testing and cyber awareness
- Penetration testing and vulnerability assessments
- Threat intelligence
- Cyber incident response planning
If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.