Prior to COVID-19, children spent most of the day at school. That’s where many were first introduced to Internet safety and were protected when going online by systems that filter or restrict access to online content.
Schools have always provided protective environments against content like pornography and also protected children from threats such as viruses and unmoderated social media. This is usually done using filters and blacklists applied to school devices or through the school’s Internet connection.
But with many children learning from home, most parents may not be aware of the need for the same safeguards. Many parents are also working from home, which may limit the time they have to set up a secure online environment for kids.
So, what can parents do to keep their children safe?
As a result of increased online learning, downloading new applications and receiving more email, children could be exposed to a new batch of malware threats in the absence of school-based controls.
This can include ransomware threats – for example, CovidLock which is an application offering coronavirus-related information that targets the Android operating system and modifies the PIN code for the lock-screen. If infected with CovidLock, the user can lose total access to their device.
CovidLock was found on the website coronavirusapp.site, which is one more to add to the list of “sites to not visit or trust”.
The website recommends users download and install an app that they claim offers regular updates about coronavirus, including notifying users when the virus reaches where they live. It also claims to offer heatmap visuals that show the spread of infection across an area.
CovidLock Locks Users Out of Computers
While the website appears to display information straight from the World Health Organization and the Centers for Disease Control and Prevention, it actually serves as a host for the “CovidLock” ransomware. The ransomware, as expected, locks users out of their devices and demands a ransom payment.
The ransomware works by changing the lock screen on the infected device, demanding a ransom of $100 in bitcoin. Victims are told if they pay the ransom they will receive a decryption key to unlock their screen and get back control over their device.
CovidLock threatens that all information on the device will be erased if payment isn’t received within 48 hours. All of the information on the phone, including photos, videos, messages, and contacts, will all be deleted.
The ransom note is written in a way to scare victims into complying with the hackers demands. The message reads:
“YOUR GPS IS WATCHED AND YOUR LOCATION IS KNOWN. IF YOU TRY ANYTHING STUPID YOUR PHONE WILL BE AUTOMATICALLY ERASED.”
The good news is that DomainTools claims they have reverse engineered the decryption key for the CovidLock ransomware. They say that they will post the decryption key publicly for anyone affected by it.