Ransomware has become the malware of the season. Other malware, viruses and trojans are things of the past. Cyber criminals seem to find bitcoin ransomware more profitable than other malicious software, and the number of bitcoin ransomware attacks is evidence of it.
Bitcoin ransomware is malware that encrypts all the files and folders on any computer it infects. Once the data is encrypted, it shows a message demanding that the infected user pay a certain amount in bitcoin to a wallet address in order to regain access to the files and folders. In many cases, it is hard to decrypt the affected files without the original decryption key, which is available only to the perpetrator. Where the computer holds very important data that is not backed up, victims will be forced to pay the ransom for the decryption key so that access can be restored.
The criminals behind bitcoin ransomware attacks are finding new ways of infecting computers. The latest one is through major news websites, where such a threat is least expected by readers. Who would expect a visit to reputed news sites like BBC, New York Times, AOL or NFL to result in getting locked out of their own computer? No one, and maybe that’s the reason why the criminals chose it as a method of delivery.
To clarify, these news sites did not host the malware on their own servers to infect their readers; that would be like shooting oneself in the foot. The ransomware was distributed through various ad networks supported by these news sites. The ads displayed on the websites were hijacked, redirecting the unsuspecting reader to malicious servers hosting ransomware. Once the reader lands on these servers, the computer is scanned for security vulnerabilities, and once a vulnerability is detected, the malicious package containing the ransomware is delivered.
According to Malwarebytes Labs’ cybersecurity blog, these attacks originated from two domains: TrackMyTraffic.biz and Talk915.pw. These two domains were said to have started serving malicious content a few days before the actual attack. The blog reports that these domains started by pushing the RIG exploit kit to small publishers. However, on Sunday these domains scaled up the attack by pushing the Angler exploit kit. The Angler exploit kit is a software package that identifies security loopholes in the system. It is widely used by hackers and cyber criminals. Malwarebytes states that the version of the Angler exploit kit they found is the most recent one, with details of the latest Silverlight vulnerability, which was patched recently.
The discovered version of the Angler exploit kit was designed to deliver a CryptoLocker-style ransomware once a loophole is detected, so that it can get to work. There have been numerous instances of bitcoin ransomware attacks on businesses, individuals, hospitals, banks and even government offices. These attacks are always followed by a ransom demand. However, it is never a good idea to pay the ransom, as there is no guarantee that the perpetrator will keep his word or that he will not attack again.
It is always advisable to take all necessary precautions to avoid becoming a victim of cyber-attacks. People can follow a few simple steps to protect themselves to a great extent. Always remember to use genuine software, keep the software up to date, invest in good anti-virus software, back up all important data on a regular basis and never download or open email attachments from unknown sources. Following these simple practices can save a lot of trouble.
Ref: Guardian | Malwarebytes LABS