Friday, May 2, 2025
HomeCyber AttackFake COVID-19 Test Results Drop King Engine Ransomware

Fake COVID-19 Test Results Drop King Engine Ransomware

Published on

SIEM as a Service

Follow Us on Google News

According to Cofense Intelligence researchers, a new version of Hentai OniChan Ransomware dubbed “King Engine” is being delivered during a Coronavirus-themed phishing campaign.

The new variant called King Engine exfiltrates data and demands a huge amount as ransom, which is significantly on top of previously analysed versions of Hentai OniChan campaigns.

In previous campaigns, cybercriminals used the Berserker variant of this ransomware, which used similar phishing emails to focus on the financial and energy sectors and did not exfiltrate data. 

- Advertisement - Google News

However, this is a tough campaign that uses the COVID-19 scare to compromise the victim’s device.

The spike in coronavirus cases during October has led to more testing and makes this sort of phishing campaign even more threatening. 

This campaign uses common tactics, techniques, and procedures (TTPs) to reach end-users and deliver Hentai OniChan Ransomware that belongs to the Quimera Ransomware family. 

During this scam, attackers are sending emails that contain the recipient’s Coronavirus test result in an attachment, which is simply a lure to convince the victim to open the attachment.

Phishing Email Delivering Hentai OniChan Ransomware

As shown in the image above, the e-mail provides a password for opening the document and mentions the name of a nurse who can answer their questions. However, it is a trick to form an e-mail that appears legitimate.

Hentai OniChan Ransomware 

Cofense Intelligence researchers stated that Hentai OniChan Ransomware was discovered in September and is found in an environment protected by Symantec, Proofpoint, Cisco IronPort, Microsoft ATP, and TrendMicro.

The downloadable PDF or HTML attachment contains components to drop and run the ransomware executable encrypting victims and holding them hostage, promising to supply decryption upon receipt of the ransom payment.

Once the target’s files are encrypted, the ransom note is provided to the victim affected which contains the way to pay the ransom, price to be paid 50 BTC (£524,725 – €584,299- $676,000), Bitcoin address, timeline, and contact email address.

Conclusion

As the COVID-19 pandemic is considered the most crucial global health calamity of the century, it is no surprise that malware authors are exploiting the pandemic. An outsized number of individuals have taken a test and awaiting results.

So if you are on the web, you are susceptible to such attacks. Ensure you don’t fall to these scare tactics and don’t download or open files from anonymous users.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Infamous Maze Ransomware Operators Shuts Down Operations

Vermont Hospitals Now Latest Victim of Ransomware Attacks

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a...

Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data

A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

TheWizards Deploy ‘Spellbinder Hacking Tool’ for Global Adversary-in-the-Middle Attack

ESET researchers have uncovered sophisticated attack techniques employed by a China-aligned threat actor dubbed...