Spanish hospitals targeted with coronavirus-themed phishing lures in Netwalker ransomware attacks

Groups behind Netwalker switched phishing baits to coronavirus last week - as other ransomware groups pledged to avoid medical facilities

Hospitals in Spain have been targeted with coronavirus-themed phishing lures by attackers looking to lock-down their systems with Netwalker ransomware.

Local reports indicate that medical centres have been receiving emails purporting to offer "information on COVID-19", but with PDF attachments that activate the ransomware, commonly associated with computer crime groups in Eastern Europe.

Information has been passed to Spain's National Police.

Spain has been particularly hard hit by the coronavirus COVID-19, with the fourth-largest outbreak in the world

Netwalker is a variation of the Mailto ransomware. It was first identified earlier this year targeting businesses and the public sector. It targets Windows 10 systems and can deactivate anti-virus software. However, in order to avoid tripping corporate security alarms it doesn't terminate security features such as Fortinent endpoint protection.

In an analysis last week, security specialist Davey Winder described Netwalker as "as nasty as it is sophisticated".

He explained: "[It] can inject malicious code right into Windows Explorer, researchers at security solutions company Quick Heal discovered. By using a technique of ‘process hollowing' to achieve this process code injection, the ransomware actors hope to evade detection.

"Process hollowing is a defence evasion technique, unmapping memory of a suspended state process and replacing it with malicious code, that is effective against whitelisting and signature-based detection."

The group behind Netwalker started using coronavirus phishing lures last week, according to MalwareHunterTeam, at the same time that other groups were pledging to avoid medical facilities.

Spain has been particularly hard hit by the coronavirus COVID-19, with the fourth-largest outbreak in the world, and the second in Europe after Italy. The impact of the virus in Spain has been attributed, in part, to a slow initial response following the first diagnosis of the virus.