
Scary new threat: Cryptolocker 2.0


There isn't a single virus you'd want on your computer, but there are a few that you really don't want. One of the worst is CryptoWall, the successor to the infamous CryptoLocker ransomware.

Like the name implies, ransomware encrypts your files and holds them hostage unless you pay up. In the case of CryptoWall, the price starts at $500 and you only have a limited time to pay up.

If you don't pay, your files are locked for good - unless you have a backup, which you should. Even some police departments have paid off CryptoLocker and CryptoWall hackers to get their files back. That's how serious it is.

As a bit of good news, though, the original CryptoLocker is all but dead. The FBI took down its control servers and security experts managed to crack its encryption so you can get your files back.

Unfortunately, CryptoWall isn't going to be as easy - if you can call it easy - to defeat. It's built to avoid the weaknesses that led to CryptoLocker's downfall.

Even worse, it's being spread in a way that's hard to avoid. You might have even come in contact with it in the last month.

CryptoWall is spreading through "malvertising." This is when crooks buy space on legitimate ad servers so their malicious ads show up on legitimate sites.

When a user clicks the malicious ad, they're taken to a site that attacks the computer looking for weak spots. If it finds one, it installs a virus and that's that.

Security firm Proofpoint recently tracked a large-scale CryptoWall malvertising campaign that reached 3 million Internet users and made the hackers an estimated $25,000 a day.

The attack started in late September and ran until October 18, which means the hackers made more than half a million dollars.

Here are the sites where the ads ran:

  • Yahoo! Finance, Fantasy and Sports (yahoo.com)
  • AOL (realestate.aol.com)
  • The Atlantic (theatlantic.com)
  • 9GAG (9gag.com)
  • match.com
  • The Sydney Morning Herald (www.smh.com.au)
  • realestate.com.au
  • The Age (theage.com.au)
  • stuff.co.nz (New Zealand 9)
  • societe.com
  • Dumpert (dumpert.nl)
  • Flirchi (flirchi.com)
  • Weatherzone Australia (weatherzone.com.au)
  • Brisbane Times (brisbanetimes.com.au)
  • RSVP (rsvp.com.au)
  • The Canberra Times (canberratimes.com.au)
  • Time Out (US 1,145, Global 1,816)
  • The Beacon-News (beaconnews.suntimes.com, US 1,178)
  • Merca2.0
  • clicccar.com
  • iPhone for Hong Kong (iphone4hongkong.com)
  • Noticias Argentinas (noticiasargentinas.com)

To really sell the deception, hackers stole real ad images from real companies to use.

Here are the ad images Proofpoint found that hackers used in their attack:

[Images: CryptoWall malvertising ads]

As you can see, they're ad images from CaseLogic, Microsoft, Fancy and a few other real sites. There's no way to know they aren't real before you click on them.

So, if there's no way to tell, how can you stay safe?

Fortunately, any malvertising attack relies on one thing to work - a security flaw on your computer. It might be in your browser, Windows, Adobe Flash or Reader, Java or another program.

If you don't have a security flaw the attack can exploit, then you're safe from that particular threat.

In the case of the malvertising above, it needed a flaw in Adobe Flash to run. If you regularly update Flash, then you wouldn't even notice the attack.

This is why I'm always reminding you to update your software and I run special notices when major patches arrive.

Of course, you also want to have security software installed to fend off other kinds of attacks. Click here to learn more about that and other essential security basics you need to do to keep your computer safe.

Also, make sure you read up on this new Windows flaw hackers are exploiting and how to avoid being a victim.

Source: Proofpoint