Guardian, Facebook and Disney domains send users to ransomware downloads

by Jimmy Nicholls | 06 June 2014

Malvertising trend now affecting major websites.

Adverts luring people into ransomware attacks have been discovered on websites belonging to Disney, Facebook and the Guardian, Cisco claimed in a blog post.

After the victim clicks the advert, Cryptowall ransomware is downloaded to their computer by exploiting vulnerabilities in the web technologies Silverlight, Java and Flash, and those infected are sent a message informing them of the breach.

Andrew Tsonchev, a software engineer at networking firm Cisco, said: "Ransomware has proved to be a very successful form of extortion and we are likely to see new variants on the CryptoLocker theme for quite some time."

The malware, which encrypts machines before demanding payment from victims to unlock them, was revealed following an investigation by Cisco, after it noticed it was blocking access to 90 domains for more than 17% of its cloud customers.

Once the breach has occurred, victims are instructed to install the anonymous Tor web browser and navigate to a personalised page that demands they send $600 or €600 for their computer to be decrypted.

"Given the recent high profile reports of an FBI shutdown of Cryptolocker, it is worth remembering that whilst Cryptolocker has proven to be an extremely potent threat, it is just one of several forms of ransomware, including Cryptowall and CryptoDefense," Tsonchev added.

"Drive-by" downloads infecting users with ransomware have been another recent trend in cyber security, with details of the CryptoDefense ransomware emerging last month.

Action by the UK's National Crime Agency and the FBI shut down a network distributing CryptoLocker this week, leaving IT security a fortnight to brace against future attacks.

Security firm Bromium Labs, which conducted an investigation into CryptoDefense, said: "With the widespread success and proliferation of such ransomware, it's obvious that traditional approaches to end user security are failing to offer countermeasures against this kind of threat."

"When it comes to dealing with ransomware the best advice is to be proactive: maintain regular and full backups in case the worst should happen," Tsonchev said. "Regularly updated and patched machines which do not have rich media platforms such as Flash and Silverlight enabled remain relatively immune from these kinds of attacks."
