Home / News & Resources / News & Updates / Stark warning that ransomware attacks are the next consequence of the coronavirus outbreak

Stark warning that ransomware attacks are the next consequence of the coronavirus outbreak

  • Posted on

If people and businesses across the world don't have enough to worry about, a new report warns that ransomware attackscould bean additional consequence of the coronavirus outbreak.RiskIQ - a world-leading cybersecuritycompany -made the stark forecast.

In its latest intelligence brief, RiskIQ states that, as the coronavirus spreads around the globe, it is likely that cybercriminals will leverage global anxiety to execute ransomware attacks.

The report also highlights how cybercriminals have deployed many of the attack methods being used during previous international health scares.

What types ofransomware attacksand cyber-scams should we look out for?

RiskIQbelievesthat the most likely methods of attack involve phishing campaigns.Phishing scammers use emails, texts, websites, phone calls and social media to access data, computers/networks, or financial accounts.Tricking peopleinto thinking they are responding to a legitimatecommunication, theultimate goal is to steal money and/or personal information (to commit identity or financial fraud).

In particular,RiskIQturns the spotlight onthreeidentified phishingoperations.


UsingAZORultmalware-which isa credential and payment card information-stealer- perpetratorshave beensending emails with malicious Microsoft Word documents attached.Targets have included companies from a variety of sectors where the coronavirus outbreak could disruptsupplychain operations and revenue streams.In the past,AZORulthas been used to download ransomware as a secondary infection, and RiskIQ expects thatcybercriminals will followthe previouspattern.


Criminals are using phishing scams to spread theEmotetTrojan. This comes in the form ofmalicious messages that purport to contain information about coronavirusand capitalise on our desire to learn more about the threat.Emotethas been able to disruptgovernmentsand private sectors as well as individuals and organisations.TheEmotetTrojan has also been usedpreviouslyin conjunction with ransomware.

Phishing links

Cybercriminals aresending emails that claim theexistence of "unreleased cures". The email urges recipients to click on alink tofind out more. Victims are then asked toshare personalinformationto receive thesought-afterinformation.

Also, some phishing campaignsuse fake domains claiming to be from organisations such astheCentrefor Disease Control and Prevention (CDC) and the WorldHealthOrganisation (WHO). These emailsask people tovisittheir website anddownload health and safetydocuments to help stop the spread ofcoronavirus. Victims believe the link is taking them togenuinewebsites, but it redirects them to fakesites where they are asked to verifytheir username and password.Thisinformation isthensent to the attackers.

Afurtherwarning from Hayes Connor Solicitors

The RiskIQ report gives weight to predictions made byHayes Connorafter weraised concerns about a potential increase in data breaches during the coronavirus pandemic.In particular, we are worried about:

  • An increase in phishing emails and coronavirus scams
  • How data will be processed and shared at a time whentechnological innovation- while necessary - is happening at speed
  • An increase in human error - due to heightened levels of stress and anupsurgein homeworking.

Talking about the heightened concerns over ransomware, data protection heavyweight and Hayes Connor MD, KingsleyHayessaid:

"Right now, information has never been more valuable. Not least because those on the frontline need it to track the pandemic, target resources, ensure accurate data,and save lives.

"However,as the coronavirus situation escalates, we are all feeling more anxious than usual.And it is to be expected that mistakes might increase when people are worried and confused.So, at this time of crisis, now more than ever,both businesses and individualsmustdeploy stringent data security.Not least because,human error is the greatest cause of data breaches,and, in many cases,malwareand ransomware attacks are only possible because companies haven't educated people about the risks and put the necessary security measures in place.

"Bymakingrobust data securitya priority, we can all ensure that criminals don't have the power to stop our efforts to fight the virus."

How to reduce the risk

The National Cyber Security Centre advises organisations to have a mobile working policy to ensure that all staff are aware of the increased risks.Because it only takes one stressed employee to click on a dangerous link to start adevastatingchain of events.

RiskIQalso suggests the following security measures for organisations and business owners:

  • For information about the coronavirus, visit the WHO's website.
  • Only use trusted news sources for additional information
  • Do not click on links or open attachments in unsolicited email messages
  • Run up-to-date security software on your computer
  • Educate users to be on guard for threats, likeEmotet, that present emails that appear to be unexpected replies to older email threads, emails that seem out of context, or messages from familiar names but are sent from unfamiliar email addresses
  • Ensure systems are patched on time.
  • Update endpoint detection and response and anti-virus solutions deployed
  • Segregate networks to limit the reach of self-propagating malware.
  • Review privileged access and users to enforce principles of least privilege
  • Keep up to date on blacklists of malicious IPs and compromised websites.

For individuals, Hayes Connor has collated some top tips on how to protect yourself from coronavirus scams. This means:

  • Never clicking the links or attachments in suspicious emails or texts
  • Only visitingthe WHO websiteor another trusted sourcefor information about the coronavirus,
  • Never responding to unsolicited messages and calls that ask for your personal or financial details
  • Understanding that a genuine bank or other financial organisation will never contact you out of the blue to ask for your PIN or full password
  • Knowing that a legitimate bank or other business would never ask you to move money to another account for fraud reasons
  • Not assuming that an email, text or call is authentic. Just because someone knows your details (such as your name and address or even your mother's maiden name), it doesn't mean they are genuine
  • Being careful about who you trust. Criminals often try and trick people by telling them that they have been a victim of fraud and scaring them into revealing their security details
  • Knowing that criminals can make any telephone number appear on your phone handset, so even if you recognise a number, or it seems authentic, it might not be genuine
  • Not being rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot
  • Listening to your instincts. If something feels wrong, then it is right to question it
  • Having the confidence to refuse requests for personal or financial information. Stop the discussion if you do not feel in control of it
  • Never hesitating to contact your bank or financial service provider on a number you trust, such as the one listed on their website or the back of your payment card
  • Being careful when making a purchase from a company or person you don't know and trust
  • If you decide to go ahead with the purchase, use a credit card if you have one, as most major credit card providers insure online purchases
  • Always installing the latest software and app updates to protect your devices from the latest threats.

You can read the RiskIQ report in full here.