CryptoWall 2.0 Ransomware Targeting Major Websites

CryptoWall 2.0 Ransomware

Researchers have recently revealed that the CryptoWall 2.0 ransomware was being used to target popular websites such as 9Gag, AOL and Yahoo through a malvertising campaign. Around three million users were being exposed to this file-encrypting malware per day. The websites themselves were not compromised; the networks pushing advertisements onto these websites were. Researchers observed three major ad networks, OpenX, Rubicon Project and Right Media/Yahoo Advertising, delivering malvertisements to websites. They also estimate that the attackers made about $25,000 in Bitcoin per day, and that the profit from the entire campaign was about $750,000.

A malvertising campaign involves a malicious advertisement inserted into an ad network, which eventually serves it on client webpages. What makes the attack difficult to detect is that these websites show different ads depending on the user's interests and location. These malicious advertisements contain ransomware which, when clicked, automatically downloads the malware onto the user's system. Experts say that, like other ransomware, CryptoWall then encrypts the end user's hard drive and does not allow the user to access it until he/she pays a fee over the Internet for the decryption key. Failure to pay within a set period results in the user's hard drive remaining permanently encrypted.

According to researchers, 85,000 attacks attempting to deliver the ransomware have been recorded since CryptoWall 2.0 was released. Most of them are delivered through emails with malicious attachments.

CryptoWall 2.0 ransomware that spreads through email mostly appears in the form of PDF files inside a ZIP archive. When the recipient opens this attachment, a drive-by download is executed on his/her system. CryptoWall then scans all drives on the compromised machine for files such as documents, songs, images, presentations and videos, and encrypts them with the RSA-2048 algorithm, which makes the data inaccessible without the private decryption key.

What can a user do to mitigate this malware?

  • Use reliable security software like eScan that can restrict such malware from being downloaded onto the computer.
  • Keep your computer's security settings at a higher level. Configure your computer's AV settings to perform automatic updates.
  • Regularly scan the system with automatic security software so that no threats are left behind in the Windows Registry and other locations.
  • Avoid clicking on any pop-up that appears, especially pop-ups displayed on an unknown website.
  • Keep all of the software installed on your computer up to date, especially software from Microsoft, Adobe, Oracle (Java) and others.
  • Configure your email server to block email that contains malicious file attachments.
  • Think before opening an email attachment from an unknown sender; open it only if you are positive about the source.
  • Disable AutoPlay to stop automatic launching of files from the network and removable external drives.
  • Keep a backup of the information stored on your machine.
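The email delivery route described above (a file presented as a PDF inside a ZIP attachment) and the mitigation of blocking malicious attachments at the mail server can be turned into a concrete gateway check. The following is an added example, not code from the original post or from eScan; it assumes the disguise pattern of a file whose name claims to be a PDF but whose content carries a Windows executable header, and it uses constructed sample archives.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF-"   # every real PDF starts with this header
MZ_MAGIC = b"MZ"       # DOS/Windows executable header
# Extensions a mail gateway should never accept inside an archive (assumed policy list)
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def inspect_zip_attachment(zip_bytes: bytes) -> list:
    """Return a list of findings for a ZIP attachment; an empty list means nothing suspicious.

    Checks the archive members rather than the outer file name, because the
    attachment itself looks like an ordinary ZIP containing a PDF.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["attachment is not a valid ZIP archive"]
    for info in zf.infolist():
        if info.is_dir():
            continue
        name = info.filename
        lower = name.lower()
        with zf.open(info) as member:
            head = member.read(8)  # only the magic bytes are needed
        if lower.endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"{name}: executable file type inside archive")
        if lower.endswith(".pdf") and not head.startswith(PDF_MAGIC):
            findings.append(f"{name}: named .pdf but content is not a PDF")
        if head.startswith(MZ_MAGIC) and not lower.endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"{name}: Windows executable header under a non-executable name")
    return findings


def build_sample_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only to construct test samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a genuine PDF, a double-extension executable, and a disguised executable
BENIGN_ZIP = build_sample_zip({"invoice.pdf": b"%PDF-1.4\n%constructed sample\n"})
DOUBLE_EXT_ZIP = build_sample_zip({"invoice.pdf.exe": b"MZ\x90\x00constructed"})
DISGUISED_ZIP = build_sample_zip({"invoice.pdf": b"MZ\x90\x00constructed"})
```

Run `inspect_zip_attachment` on each attachment at the gateway and quarantine the message when the list is non-empty.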

The best way to find out whether your PC has a malware infection is to run a free scan. Use the free eScan toolkit from here; no installation is required: http://www.escanav.com/english/content/products/MWAV/escan_mwav.asp
