A variant of Hentai OniChan ransomware known as “King Engine” is being delivered to victims in a Coronavirus-themed phishing campaign that was discovered in late 2020. The variant exfiltrates data and demands a significantly higher ransom than those requested in previous Hentai OniChan campaigns. According to researchers, this campaign uses the COVID-19 pandemic to compromise the victim’s device by sending emails that claim to contain the recipient’s Coronavirus test result in an attachment.
Fake COVID Test Result Phishing Emails Come Loaded with Ransomware
The emails being sent by hackers provide a password for opening the document and refer to a nurse who can answer the recipient’s questions. Once opened, the downloadable PDF or HTML attachment drops and executes the Hentai OniChan ransomware on the recipient’s device. After the ransomware exfiltrates data, victims are asked to pay a whopping 50 Bitcoin.
50 Bitcoin is an absurdly high figure, which may not compel many victims to pay. In addition to the absurd price, the email address mentioned in the ransom note is a Gmail address, which leads some experts to believe that the hackers behind the campaign are newer and less experienced crooks.
Researchers from Cofense Intelligence stated in a blog post that the Hentai OniChan ransomware was first discovered in September of 2020. As COVID-19 infections have risen around the globe, a large number of people have taken a test and find themselves awaiting results. As a result, attackers get to exploit a real threat, and it seems to be working in their favor at this time.
As we continue to navigate this era of the Coronavirus pandemic, you can bet that hackers will continue to exploit the fear and frenzy associated with the disease for financial gain.