CovidLock: the ransomware that exploits the Coronavirus

By Eleonora Spagnolo - 16 Mar 2020

The Coronavirus emergency has not escaped the attention of cybercriminals, who have created an ad hoc threat: it’s called CovidLock, and it’s a ransomware that infects victims’ devices and locks the screen.

The DomainTools team discovered the malware. The researchers have been constantly monitoring websites created using the names “Coronavirus” or “Covid19”. This analysis uncovered a website, Coronavirusapp[.]site, offering an Android app for download that promises to provide updates on Coronavirus and its spread, using heat maps. In reality, the app contains ransomware dubbed CovidLock.

The malware locks the victim’s mobile phone by changing the password. The screen is then locked and shows a warning message:

“Your phone is encrypted: you have 48 hours to pay $100 in bitcoin or everything will be erased.”

CovidLock, the ransomware that erases smartphone data

The message on the screen locked by CovidLock goes on, very explicitly:

  1. Contacts, photos, videos and social accounts will be deleted, and the phone memory will be erased;
  2. To avoid this, a code is required to decrypt the device; it will disable the app and unlock the data, which will return to the way it was before;
  3. To get this code, it is necessary to send the $100 to an address provided by a specific button.

And for those who decide to go to the authorities and report it, the message warns that the victim’s GPS is being monitored and the location is known, so:

“If you try anything stupid your phone will be automatically erased”.

DomainTools is looking for the key to decrypt the infected devices, which will soon be made public. It is also monitoring the wallet used for the ransom.

How to avoid scams in the Coronavirus days

The DomainTools team recommends downloading apps only from the app store and not from websites. It’s also a good idea to pay attention to the usual phishing emails and more generally to the websites the user is browsing, especially in these days of a frantic search for information. It is always preferable to rely on official websites and be wary of others.

Unfortunately, even Coronavirus-themed scams are becoming very common. They exploit the constant fear and search for information. The US Federal Trade Commission has issued a short guide for consumers with a few simple points:

  • Don’t click on unknown sources, or there is a risk of downloading viruses onto the computer or device being used;
  • Be wary of emails that say they have up-to-date information about the disease and rely only on the World Health Organization (WHO) or Center for Disease Prevention and Control (CDC) websites;
  • Ignore online vaccine offers: there are currently no vaccines and treatments to prevent or cure Covid-19;
  • For those who make donations, it is good to rely on certified websites and be wary of those who ask for cash, gift cards or transfers.

A few simple points that are valid for everyone. 

Eleonora Spagnolo

Journalist passionate about the web and the digital world. She graduated with honours in Multimedia Publishing at the University La Sapienza in Rome and completed a master's degree in Web and Social Media Marketing.
