Hospitals in Spain have been targeted with coronavirus-themed phishing lures by attackers looking to lock down their systems with Netwalker ransomware.
Local reports indicate that medical centres have been receiving emails purporting to offer "information on COVID-19", but with PDF attachments that activate the ransomware, commonly associated with computer crime groups in Eastern Europe.
Information has been passed to Spain's National Police.
Netwalker is a variation of the Mailto ransomware. It was first identified earlier this year targeting businesses and the public sector. It targets Windows 10 systems and can deactivate anti-virus software. However, to avoid tripping corporate security alarms, it doesn't terminate security features such as Fortinet endpoint protection.
In an analysis last week, security specialist Davey Winder described Netwalker as "as nasty as it is sophisticated".
He explained: "[It] can inject malicious code right into Windows Explorer, researchers at security solutions company Quick Heal discovered. By using a technique of 'process hollowing' to achieve this process code injection, the ransomware actors hope to evade detection.
"Process hollowing is a defence evasion technique, unmapping memory of a suspended state process and replacing it with malicious code, that is effective against whitelisting and signature-based detection."
Cybercriminals switched from traditional sextortion scam to #covid19 themed emails. They no longer blackmail the recipient rather than kindly asking you to donate bitcoins to WHO.
"donations made via bitcoin are tax deductible in the U.S. and Europe" 😁
/cc @WHO pic.twitter.com/zFsVfn1S6U
— abuse.ch (@abuse_ch) March 22, 2020
The group behind Netwalker started using coronavirus phishing lures last week, according to MalwareHunterTeam, at the same time that other groups were pledging to avoid medical facilities.
Spain has been particularly hard hit by the coronavirus COVID-19, with the fourth-largest outbreak in the world, and the second in Europe after Italy. The impact of the virus in Spain has been attributed, in part, to a slow initial response following the first diagnosis of the virus.