SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
24 Oct 2014

CryptoWall ransomware infects millions

A sophisticated cyber-crime campaign is leaving millions of people vulnerable to having malware installed on their computers simply by visiting high profile websites such as Yahoo, Match.com, and AOL.

The campaign is using the fast-growing method of 'malvertising' to spread a pernicious form of malware called ransomware - in this case CryptoWall 2.0 - which encrypts all the files on the hard drive of a victim's computer, and if the victim doesn't pay a ransom by the deadline, those files are lost forever.

Research by security company Proofpoint indicates that up to 3 million people would have been exposed to the malvertisements since the campaign was first detected on 18 September, 2014. The researchers were even able to estimate how much money the criminals were earning on a daily basis as the ransoms are charged in bitcoin, meaning all payments are traceable via the public blockchain (although not linked to a culprit).

According to the data collected by Proofpoint, the criminals are earning up to $25,000 (£15,500) every day from the scheme, and are using a complex bitcoin laundering method to hide their ill-gotten gains.

Failure to pay the ransom before the deadline expires - which is a dynamically generated amount of bitcoin equating to $500 - results in victims' hard drives being permanently encrypted, thus rendering them effectively useless, with all information inaccessible.

At this time, Proofpoint does not have any information about who placed the malvertising with the ad networks - and the nature of malware and bitcoin is such that there's no conclusive data at this time about who's behind the campaign.

Ad networks

Proofpoint has identified a large number of websites serving the malware (listed on the right) but points out that the websites themselves have not been compromised, as the malicious ads are served through advertising networks. The researchers discovered that the malware was being spread through three high-profile ad networks - Rubicon Project, OpenX, and Right Media/Yahoo Advertising.

Again, it was not that these companies' networks were compromised, but they simply failed to carry out adequate checks as to whether or not the ads being served on their networks were malicious. Proofpoint says it "believes the issue to be resolved" at this stage as the last detection of issues related to this campaign was 18 October.

Pernicious

However, while this campaign may be finished, the malicious adverts are likely to be re-used and could be active once again as part of a new campaign targeting different websites/ad networks. The campaign used stolen images and advertising copy from brands such as Fancy, Bing, and Case Logic which looked identical to real ads which might appear on the website.

The pernicious nature of this type of cyber-attack means there is no obvious indicator that a site has been compromised, yet a victim's computer can be infected just by visiting the website, and without having to click on a link.

According to Proofpoint: "Malvertising attacks are particularly hard to detect because most advertising on trusted sites comes from a variety of ad networks – different visitors will see different ads from different places, not all of which will be malicious."

The use of ransomware in the form of CryptoWall 2.0 is another indication of a growing trend among cyber-attacks. The rapid proliferation and success of another piece of ransomware - Cryptolocker - beginning in late 2013 has raised awareness of this threat both in enterprise IT security and among the general public.

Tags:
Yahoo CryptoWall information leaks malvertising
Source:
Yahoo News