CryptoWall V2.0 now uses poisoned ads on dozens of major sites like Yahoo, AOL and Match.com to infect networks. Malicious ads are nothing new in themselves, but second-gen ransomware using them is worrisome.
Reports show that the sites themselves were not compromised; rather, the advertising networks they relied on for dynamic content were inadvertently serving malware. The result is a so-called drive-by-download, in which the user does not have to click on anything to be infected. Until now, CryptoWall was spread via spam with infected email attachments and download links sent by the Cutwail botnet.
The website visitors hit by this malvertising are people who run unpatched versions of Adobe Flash. The poisoned ads silently ‘pull in’ malicious exploits from the FlashPack Exploit Kit, hence the “drive-by-downloads”.
According to security researchers at Dell SecureWorks, more than 830,000 victims worldwide have been infected with ransomware, a 25% increase in infections since late August when there were 625,000 victims.
The first ransom usually has a deadline of 4-7 days and demands about $500. Even the bad guys understand it’s not always easy to get your hands on Bitcoins quickly. But when this first deadline is not met, the ransom doubles to roughly $1,000, depending on Bitcoin exchange rates.
Counting the ransom payments to CryptoWall’s Bitcoin addresses, Proofpoint estimates that the attackers make $25,000 per day. Recent data taken directly from the CryptoWall ransom payment server shows that an additional 205,000 new victims have been claimed since August 2014.
Want to know how well your practice or business is protected from today’s and tomorrow’s ever-evolving threats?
Let us provide your practice with a comprehensive security and threat assessment!
Call us today: 781-826-9665