Malvertising campaign with ransomware that infects without clicks

A malvertising campaign used to deliver ransomware hit two UK universities and was capable of infecting all users who merely visited the malicious website.

Image: Proofpoint

The University of London and Ulster University were taking their systems offline after a ransomware attack, which security researchers have now identified as Mole ransomware, a form of file-encrypting malware that first appeared in April. It changes the extensions of the infected files to .MOLE. The malware is reported to be a member of the CryptoMix ransomware family.

Proofpoint security researchers have revealed that the ransomware used AdGholas ads to spread.

Although this particular attack targeted the two British universities, the malvertising was part of a much wider attack that tried to hit entire countries around the world through a malicious site.

One of the reasons the ransomware was able to penetrate the university networks was that users did not need to click on the malicious ads. Simply visiting the malicious website was enough to infect everyone, as the attackers used the Astrum exploit kit and an old Flash exploit.

"You don't have to click on the ad to get infected, just to show the ad: if your system is vulnerable, then the infection will occur without any user interaction," said Kafeine, the researcher who discovered the ransomware. -dropping.

The attack began between 14 and 15 June, with targets in the UK and maybe in the US.

Those infected with Mole saw a note demanding 0.5 Bitcoin (now 1,364 dollars) in exchange for decrypting the files.

However, in the case of UCL and Ulster University, the ransom was not paid because the administrators had backups taken before the attack.

Written by giorgos
