The latest ransomware attack is targeting major online outlets by accessing Microsoft Silverlight and Adobe Flash, leading to exploits in unprotected ad networks.
Last week we reported how Apple’s OS X platform was subject to its first ever ransomware attack, highlighting how dangerous this kind of cyberattack has become.
Windows has long been targeted by ransomware, and the last 24 hours have seen a large number of new crypto-ransomware attacks targeting major websites.
Of course, large-scale websites often have the best security, so the attacks clearly have a high level of sophistication. Indeed, ransomware can be so hard to remove that the FBI often advises businesses to just pay the ransom to unlock their files.
The problem with that tactic is it can take hundreds of dollars to unlock the ransomed files, while in many cases the files are not released even if the ransom is paid.
Trend Micro has reported that the Angler Exploit Kit attack has been exploiting vulnerabilities in Microsoft Silverlight and Adobe Flash to place ransomware onto unprotected ad networks. Malwarebytes added that the ransomware has attacked major online outlets such as MSN, NFL.com, The New York Times, and the BBC.
The technique has been dubbed “malvertising.” Cyber-security and anti-malware company Malwarebytes discovered a number of suspicious domains where the ransomware ads are stored.
Google’s ad network carried trackmytraffic.biz, while the AOL, Rubicon and AppNexus ad networks carried talk915.pw as well. Other suspicious domains include brentsmedia.com, evangmedia.com and shangjiamedia.com.
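One way a defender could check web proxy logs for requests to the domains named above, shown as an added example that is not from the original article or from Malwarebytes. The log format (time, client, method, target, referer), the sample lines and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains the article names as carrying or hosting the malicious ads.
LISTED = {"trackmytraffic.biz", "talk915.pw", "brentsmedia.com",
          "evangmedia.com", "shangjiamedia.com"}

def host_of(target):
    """Hostname of a URL or CONNECT target: lower-case, no port, no trailing dot."""
    if "://" not in target:          # CONNECT lines carry host:port only
        target = "//" + target
    try:
        return (urlsplit(target).hostname or "").rstrip(".").lower()
    except ValueError:               # malformed authority, e.g. a bad IPv6 literal
        return ""

def listed_parent(host):
    """Return the listed domain that host equals or is a subdomain of, else None.
    Matching whole labels avoids substring hits such as nottalk915.pw."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in LISTED:
            return candidate
    return None

def scan(lines):
    """Return (client, listed_domain, referer) for each request to a listed domain."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:         # skip lines not in the assumed format
            continue
        _ts, client, _method, target, referer = fields
        domain = listed_parent(host_of(target))
        if domain:
            hits.append((client, domain, referer))
    return hits

# Constructed sample lines (assumed format: time client method target referer).
SAMPLE = [
    "2000-01-01T10:00:01Z 10.0.0.5 GET http://ads.brentsmedia.com/b.js http://news.example/front",
    "2000-01-01T10:00:02Z 10.0.0.5 GET http://CDN.Talk915.PW.:8080/lp http://ads.brentsmedia.com/b.js",
    "2000-01-01T10:00:03Z 10.0.0.7 GET http://nottalk915.pw/ -",
    "2000-01-01T10:00:04Z 10.0.0.8 GET http://talk915.pw.cdn.example/x.js http://news.example/",
    "2000-01-01T10:00:05Z 10.0.0.9 CONNECT trackmytraffic.biz:443 -",
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The referer column in each hit shows which page or ad script led the client to the listed domain, which helps trace the ad chain back to the publisher page.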
Speaking of the attack, Ars Technica provided the following quote from SpiderLabs at Trustwave, detailing the nature of the Angler EK:
“If the code doesn’t find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page. Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble.”