Ransomware Partners With Malvertising In Recent Attacks


Ransomware has surged in popularity for attackers over the past year. In a ransomware attack, a user’s files are encrypted and only released once a ransom is paid. Usually, this type of malware finds its way onto a user’s device through a malicious email attachment or a phishing website set up specifically for infection. Neither of these methods is particularly efficient for criminals, however. That’s why, as Jeremy Kirk reports at TechWorld, ransomware attacks have begun appearing in conjunction with malicious advertisements on trusted websites.

Cisco Systems found that the websites of Disney, Facebook and the Guardian newspaper were all hosting malicious ads, and called the practice “insidious”. In this practice, also known as malvertising, legitimate websites are tricked into displaying ads that redirect users to malicious domains. While advertising networks are working hard at protecting websites against malvertising, their security is far from perfect, which leads to attacks like these.

For users, not only is the website trusted, but so is the ad. An advertisement for a legitimate, trusted company is shown, but while the user expects to visit that company’s website, a click actually delivers them to a site that downloads malware to their device.

In the attacks noticed by Cisco, an exploit kit on the malicious site checked for any vulnerabilities in a user’s version of Flash, Java or Silverlight. Those who hadn’t patched vulnerabilities were exploited and a ransomware relative of Cryptolocker, called CryptoWall, was installed. CryptoWall then encrypted files and demanded a ransom. The longer a user delays, the higher the ransom gets.

The group behind the attacks hasn’t been identified yet and no real protection is being offered. To avoid infection, you could avoid clicking on any advertisements online, but even that doesn’t protect you against attacks that only require the display of malvertisements. A better course of action would be to ensure that all of your applications are fully updated and patched. Then, be aware of what you’re clicking on and what website you expect to load.

If any of your devices are infected with malware, come to Geek Rescue or give us a call at 918-369-4335.

June 9th, 2014