An investigation by Cisco found that malicious advertisements on Disney, Facebook and The Guardian newspaper domains led unsuspecting visitors to be infected with malware. The affected users had ransomware installed on their devices.
Ransomware is malicious software that installs on your device without your consent - it gives the cybercriminal the ability to lock you out of your device, typically by encrypting your data. The cybercriminal will then offer to give you access to your data or device again, provided you pay.
Ransomware is quickly becoming the scourge of the Internet, and Cisco Systems is reporting that several very popular web sites have recently been distribution points via malvertising. According to an investigation detailed on the Cisco Systems blog site, popular web sites including Disney and Facebook have been compromised to display infected advertisements that download a ransomware program similar to the notorious CryptoLocker.
Cisco analyzed data accumulated by its Cloud Web Security (CWS) service, which monitors its customers' web use and warns them if they have been visiting domains that could be malicious. Cisco's analysis determined that in the last month there has been a dramatic increase in sites compromised by cyber criminals who use the RIG exploit kit (EK). According to Cisco, “we have so far blocked requests to over 90 domains for more than 17% of our Cloud Web Security (CWS) customers” because of the RIG EK.
Cisco has determined that many of the sites compromised by the use of RIG have been spreading the Cryptowall ransomware via compromised advertisements (malvertising). These appear to be exploiting the following vulnerabilities:
Silverlight: CVE-2013-0074
Java: CVE-2013-2465 and CVE-2012-0507
Flash: CVE-2013-0634
(from Cisco)
Once ransomware has infected your device, it's extremely difficult to retrieve your data due to the encryption that's used to scramble your information. Often users have to resort to restoring their devices back to factory defaults, losing their data. Proactively protecting your devices is the solution rather than reacting once it has happened.
Our advice is to ensure your data is backed up in the first place, so if this does happen you can restore your device without losing your data. User education is also extremely important, especially in business where not all employees may be technically proficient - train employees not to open attachments from unsolicited emails and to be wary of websites that ask them to download and open files. Make sure all operating systems and browsers are up-to-date and have all patches applied, and make it a requirement that anti-virus software is installed on your and your employees' devices - especially if employees use their own personal devices for business.