A new variant of Punisher ransomware was discovered recently. The malware spreads through a fake COVID tracking application, and its victims are users in Chile.
The threat actors continue to take advantage of victims’ need to track COVID-related information.
Cyble researchers uncovered the phishing website, hosted at covid19[.]digitalhealthconsulting[.]cl. This fake site delivered ransomware disguised as a COVID tracking application.
Punisher ransomware uses a free ransom note template, which is personalized by adding content specific to each of its targets. The note is found in a file shortcut named “unlock your files.lnk” and demands that the user pay $1000 in Bitcoin for the decryption key.
Judging by its mode of operation and the sum of money demanded from the victims, this strain of ransomware seems to be designed for individual users rather than for large organizations.
“The files encrypted by this ransomware can also be easily decrypted as it uses AES-128 symmetric algorithm for its encryption,” Cyble added.