New ransomware hits Windows machines

A new round of ransomware is hitting Windows machines, stealing passwords, and then locking users out of their devices.

The attackers are using insecure websites to redirect their unsuspecting victims to malicious sites that download the Angler exploit kit onto their machines. According to Heimdal Security, the Angler exploit kit finds a vulnerable app and then allows the attackers to drop malware known as Pony onto the victim’s machine, which steals their credentials and sends them back to the attacker’s servers. The credentials acquired could include logins for the machine, websites, and applications, meaning any of these could be locked down. It also means other information could be stolen from the victims.

Following the credential theft, the kit uses CryptoWall 4 ransomware to lock everything up and waits for a ransom to be paid.

Heimdal Security’s site has a list of websites that they have found to be compromised, but it is more than likely that there are many, many more out there.

“The campaign is extensive and it originates from a bulletproof hosting environment located in Ukraine. More than 100 web pages in Denmark have been injected with the malicious script, but the campaign is not limited to Europe,” Heimdal writes in their post. “In the last 24 hours, we have blocked more than 200 new domains which were used by attackers to spread CryptoWall 4.0 via Angler in this drive-by campaign.”

According to a report by the FBI, the use of ransomware has been on the rise. Not only is ransomware hitting private machines, but it’s hitting businesses, including financial institutions, government agencies, and even schools.

There are practical security decisions that can be made to help protect against the Angler exploit kit. The most obvious is to keep everything (devices, servers, websites, etc.) up to date, since the kit works by exploiting unpatched software. Another is to have top-notch network security in your organization. For example, an EdgeWall would be able to stop endpoints from reaching known-bad URLs. In the event that a machine was compromised, the EdgeWall could detect it and quarantine the machine so it cannot infect any other device on the network.
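The two network-side controls described above (blocking requests to known-bad domains, and flagging a host for quarantine once it has reached one) can be illustrated with a small log scanner. The code below is an added example written for this page; it is not code from the article, from Heimdal Security, or from any EdgeWall product. The block list, the `.invalid` domain names, the proxy log lines, and the log format (`timestamp client-ip action url`) are all constructed placeholders, not real indicators from the campaign.

```python
"""Block-list check and proxy-log scan, as an added illustration of the
two controls the article describes. All domains and log lines below are
constructed placeholders (reserved .invalid TLD), not real indicators."""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed block list of hostnames an egress filter would deny.
BLOCKED_DOMAINS = {
    "example-angler-landing.invalid",
    "example-pony-c2.invalid",
}

# Constructed proxy log: "<timestamp> <client-ip> <action> <url>" per line.
SAMPLE_LOG = """\
2015-12-01T10:00:01Z 10.0.0.5 ALLOW http://news.example.org/article
2015-12-01T10:00:02Z 10.0.0.5 ALLOW http://example-angler-landing.invalid/flash.swf
2015-12-01T10:00:09Z 10.0.0.5 ALLOW http://example-pony-c2.invalid/gate.php
2015-12-01T10:01:00Z 10.0.0.7 ALLOW http://intranet.example.org/
2015-12-01T10:02:00Z 10.0.0.9 ALLOW http://sub.example-angler-landing.invalid/x
this line is malformed and must be skipped, not crash the scan
"""

_LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
_HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#:]+)", re.IGNORECASE)


def host_of(url: str) -> str | None:
    """Return the lower-cased hostname of a URL, or None if it has none."""
    m = _HOST_RE.match(url)
    return m.group(1).lower() if m else None


def is_blocked(host: str) -> bool:
    """True if the host itself or any parent domain is on the block list,
    so a sub-domain of a listed domain is caught as well."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def filter_request(url: str) -> str:
    """Egress-filter decision for a single request (the URL-blocking control)."""
    host = host_of(url)
    return "DENY" if host and is_blocked(host) else "ALLOW"


def scan(log_text: str) -> dict[str, list[str]]:
    """Map each client IP to the listed hosts it reached, in log order
    (the detection control: run after the fact over proxy logs)."""
    hits: dict[str, list[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the scan
        _ts, client, _action, url = m.groups()
        host = host_of(url)
        if host and is_blocked(host):
            hits[client].append(host)
    return dict(hits)


def quarantine_list(hits: dict[str, list[str]]) -> list[str]:
    """Clients to isolate from the network: any that reached a listed host."""
    return sorted(client for client, hosts in hits.items() if hosts)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for client, hosts in found.items():
        print(f"{client}: contacted {', '.join(hosts)}")
    print("quarantine:", quarantine_list(found))
```

In a real deployment the block list would be fed from a threat-intelligence source rather than hard-coded, and `scan` would read from the proxy or DNS logs the organization already collects; the parent-domain match in `is_blocked` matters because drive-by campaigns rotate sub-domains quickly, as the 200 new domains Heimdal reports blocking in a single day suggests.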

Make sure that your organization is taking the necessary steps to protect itself from ransomware.