Ransomware is a hot topic with every European customer & partner I meet currently. Not a week goes by now without a conference call or meeting with an organisation that has been impacted by a ransomware attack. The impact can range from as little as one PC encrypted all the way to every network shared drive encrypted; either way, quite an impact. One prospective customer caught a ransomware attack in mid-flight just last week, watching files being encrypted in front of his eyes.
Ransomware is just the latest in a long line of hacking techniques used by attackers to monetize their ability to hack devices connected to the internet; because they can.
The reality is that a ‘new’ attack mechanism is being used via the web today to make ransomware successful: ‘Malvertising’. Malvertising is typically a malicious ad that loads in your browser when you visit a popular website (unless you use an Ad Blocker tool – more on this later). Once loaded, the malicious ad attempts to hack your computer through your browser. This is often a Flash- or Java-based vulnerability; third-party plugins are considered easy targets by attackers.
Take one such example from March 2016. An attacker waited patiently for the domain ‘brentsmedia[.]com’, registered in Utah, USA and a known ad network content provider, to expire. The domain had been expired for 66 days when it was taken over by an attacker in Russia (Pavel G Astahov), and 1 day later it was serving up malicious ads to visitors of sites including the BBC, AOL & the New York Times. No-one told any of these popular websites until the malicious ads had already appeared.
It’s a reasonable assumption that attackers pro-actively look for these domains and take ownership as & when they expire. Who hasn’t forgotten to renew a domain? Every month the media report incidents of popular websites such as Forbes, Huffington Post, Yahoo and our own British example, the BBC, serving up malware via malicious ads. Even Ad Blocker technology providers such as Pagefair have been successfully compromised; their platform served up malicious code over Halloween 2015 to many of their customers’ websites.
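As an added example (not part of the original post), here is a Python check a site owner could run over the third-party ad and script domains their pages load. It flags a domain whose registration date no longer matches a recorded baseline (the domain has been re-registered, the pattern behind the brentsmedia[.]com case), and a domain that has lapsed or is close to expiry. The RDAP-style records, domain names and dates are constructed; a real check would fetch the records from the registry’s RDAP service.

```python
from datetime import datetime, timedelta, timezone

# Constructed RDAP-style records for third-party domains a site loads ads or
# scripts from. The "events" shape follows RDAP; every value here is invented.
CURRENT_RDAP = {
    "ads.net-a.test": {"events": [
        {"eventAction": "registration", "eventDate": "2012-01-05T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2017-01-05T00:00:00Z"}]},
    "cdn.net-b.test": {"events": [  # registration date has moved since baseline
        {"eventAction": "registration", "eventDate": "2016-03-10T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2017-03-10T00:00:00Z"}]},
    "tag.net-c.test": {"events": [
        {"eventAction": "registration", "eventDate": "2010-06-01T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2016-03-25T00:00:00Z"}]},
}

# Registration dates recorded when each domain was first approved as a source.
BASELINE_REGISTRATION = {
    "ads.net-a.test": "2012-01-05T00:00:00Z",
    "cdn.net-b.test": "2011-02-20T00:00:00Z",
    "tag.net-c.test": "2010-06-01T00:00:00Z",
}

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def event_date(record, action):
    """First RDAP event with the given action, or None if absent."""
    for ev in record.get("events", []):
        if ev.get("eventAction") == action:
            return parse_ts(ev["eventDate"])
    return None

def assess(record, baseline_reg, now, warn_days=30):
    """Findings for one domain: re-registered, lapsed, expiring, or none."""
    reg, exp = event_date(record, "registration"), event_date(record, "expiration")
    if reg is None or exp is None:
        return ["no-rdap-data"]
    findings = []
    if baseline_reg is not None and reg != parse_ts(baseline_reg):
        findings.append("re-registered")   # ownership may have changed
    if exp <= now:
        findings.append("lapsed")          # open to takeover by whoever re-registers it
    elif exp - now <= timedelta(days=warn_days):
        findings.append("expiring")        # renewal due; watch for a lapse
    return findings

def audit(records, baseline, now, warn_days=30):
    return {d: assess(r, baseline.get(d), now, warn_days) for d, r in records.items()}
```

Run it on a schedule and treat "re-registered" or "lapsed" as a reason to pull that domain from your pages until its ownership is confirmed.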