Toymaker’s website pushes ransomware that holds visitors’ files hostage


  • Toymaker’s website pushes ransomware that holds visitors’ files hostage

    http://arstechnica.com/security/2016...files-hostage/


    "The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors' files hostage until they pay a hefty fee.

    Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack code exploits vulnerabilities in older versions of applications such as Adobe Flash, Oracle Java, Silverlight, and Internet Explorer. People who visit Maisto[.]com with machines that haven't received the latest updates are surreptitiously infected with the CryptXXX ransomware. Fortunately for victims in this case, researchers from Kaspersky Lab recently uncovered a weakness in the app that allows users to recover their files without paying the extortion demand. People infected with ransomware in other drive-by attacks haven't been so lucky.

    According to Malwarebytes Senior Security Researcher Jerome Segura, the infection on the Maisto homepage was discovered by fellow researchers at website security firm Sucuri. One of the company's tools has detected the site was running an out-of-date version of the Joomla content management system, which is presumed to be the way attackers were able to load the malicious payloads on the homepage.

    The website infection bears similarities to an attack targeting sites running Microsoft's IIS Web server platform that Sucuri disclosed last month. That campaign also embedded exploits available from Angler, although they were used to push ransomware including CryptoWall or TeslaCrypt.

    The attacks come a month after advertisements delivered on some of the Internet's most visited websites were found delivering Angler exploits pushing ransomware. These regularly occurring attacks are a potent reminder that people can be infected even when they visit websites they know and trust.

    They underscore the importance of installing security updates as soon as they become available and uninstalling Web plugins unless they're absolutely necessary. An added protection against the threat of cryptoware is to put in place a backup system that stores backed up files in a location that can't be altered or deleted without a password."
    "Roll The Bones" - Rush
    Patreon.com/nensondubois Twitter #nensondubois_Youtube.com/user/nensondubois

  • #2
    If you ever wanted proof that the world is completely chaotic, and that there is no higher power, this is a good example.

    This is why I use noscript, adblock and other software to prevent this crap.
    "Roll The Bones" - Rush
    Patreon.com/nensondubois Twitter #nensondubois_Youtube.com/user/nensondubois



    • #3
      I thought uBlock was better tho. That's what I use.
