
New on our radar…ads spreading crypto ransomware

Crypto ransomware disguised within ads on big-time sites

Ads featured on sites such as The New York Times, the BBC, MSN and AOL have exposed thousands of users to crypto ransomware. Angler, a toolkit that sells exploits for Adobe Flash, started the wave of encrypted ads last week, pushing laced ads through a compromised network, according to researchers at Ars Technica.

 

The ads contained a JSON-based file with more than 12,000 lines of obfuscated code. Angler attacks unsuspecting users with the Bedep Trojan and the TeslaCrypt ransomware, a nasty combination. The three suspicious domains to be aware of are trackmytraffic[.]biz, talk915[.]pw and brentsmedia[.]com. The attack has also spread to answers.com, zerohedge.com and infolinks.com. In addition, affected ad networks include those owned by big names such as Google, AppNexus, AOL, and Rubicon.
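A defender-side check for the three domains listed above, as an added example that is not part of the original post: it matches proxy-log hostnames against the list by exact domain or subdomain rather than by substring. The log format, sample lines and function names are constructed for illustration, and the first domain is taken in the usual `[.]` defanged form.

```python
from urllib.parse import urlsplit

# Indicators as listed in the post, kept defanged so nothing here is clickable.
DEFANGED_IOCS = ["trackmytraffic[.]biz", "talk915[.]pw", "brentsmedia[.]com"]

def refang(text):
    """Undo the [.] defanging used in write-ups so the text can be matched."""
    return text.replace("[.]", ".")

BLOCKLIST = {refang(i).lower() for i in DEFANGED_IOCS}

def host_of(value):
    """Extract a lowercase hostname from a URL or a bare host[:port] field."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse "host:443" from CONNECT lines
    return (urlsplit(value).hostname or "").rstrip(".")

def matched_indicator(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

def scan(log_lines):
    """Yield (line_number, host, indicator) for each log line that hits the list."""
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip instead of crashing the scan
        host = host_of(fields[3])
        hit = matched_indicator(host)
        if hit:
            yield n, host, hit

# Constructed sample proxy log: "<timestamp> <client-ip> <method> <url-or-host>"
SAMPLE_LOG = [refang(line) for line in (
    "2016-01-01T10:00:01Z 10.0.0.5 GET http://www.example[.]org/",
    "2016-01-01T10:00:02Z 10.0.0.5 GET http://ads.brentsmedia[.]com/x.js",
    "2016-01-01T10:00:03Z 10.0.0.7 GET http://notbrentsmedia[.]com/",
    "2016-01-01T10:00:04Z 10.0.0.7 CONNECT TALK915[.]pw:443",
    "2016-01-01T10:00:05Z 10.0.0.9 GET http://trackmytraffic[.]biz.example[.]org/",
)]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

Lines 3 and 5 of the sample are the cases a plain substring search gets wrong: a look-alike name and a listed domain used as a label under an unrelated parent.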

 

The best thing users can do at this point is practice safe browsing. Decreasing the probability of attacks means decreasing the attack surface. Uninstall third-party extensions such as Adobe Flash and Microsoft Silverlight unless they are necessary. In addition, keep installations up to date by applying updates as soon as they are made available. Using the 64-bit version of Chrome is one of the safer ways to browse. Microsoft users should work with Windows 10 and Microsoft’s Enhanced Mitigation Experience Toolkit.