Fake COVID-19 Test Results Drop King Engine Ransomware


This is a difficult campaign that utilizes the COVID-19 scare to compromise the victims gadget.

As revealed in the image above, the e-mail provides a password for opening the document and discusses the name of a nurse who can address their questions. However, it is a technique to form an e-mail that appears genuine.

If you are on the web, you are susceptible to such attacks. Ensure you do not be up to these scare tactics and do not download or open files from anonymous users.


This campaign utilizes common techniques, methods, and treatments (TTPs) to reach end-users and provide Hentai OniChan Ransomware that comes from the Quimera Ransomware household..

In previous projects, cybercriminals used the Berserker variant of this ransomware, which used comparable phishing e-mails to focus on the monetary and energy sectors and did not exfiltrate information..

Vermont Hospitals Now Latest Victim of Ransomware Attacks.

You can follow us on Linkedin, Twitter, Facebook for day-to-day Cybersecurity and hacking news updates.

The new alternative called King Engine exfiltrates data and requires a huge quantity as ransom, which is considerably on top of formerly analysed variations of Hentai OniChan campaigns.

Hentai OniChan Ransomware.


During this scam, assaulters are sending emails which contain the recipients Coronavirus test lead to an accessory, which is merely a lure to encourage the victim to open the accessory.

As the COVID-19 pandemic is considered the most crucial worldwide health catastrophe of the century, it is no surprise that malware authors are exploiting the pandemic. An outsized number of people have taken a test and awaiting outcomes.

The spike in coronavirus cases throughout October has led to more screening and makes this sort of phishing project much more threatening..

Phishing Email Delivering Hentai OniChan Ransomware.

Cofense Intelligence scientists mentioned that Hentai OniChan Ransomware was found in September and is discovered in an environment protected by Symantec, Proofpoint, Cisco IronPort, Microsoft ATP, and TrendMicro.

The downloadable PDF or HTML accessory includes parts to drop and run the ransomware executable securing victims and holding them hostage, promising to provide decryption upon invoice of the ransom payment.

According to Cofense Intelligence scientists, a new version of Hentai OniChan Ransomware called “King Engine” is being delivered throughout a Coronavirus-themed phishing campaign.

Infamous Maze Ransomware Operators Shuts Down Operations.

When the targets files are secured, the ransom note is supplied to the victim affected which contains the method to pay the ransom, price to be paid 50 BTC (₤ 524,725– EUR584,299- $676,000), Bitcoin address, timeline, and contact email address.