Online ransomware has exploded within the last year or two, and a huge number of consumers have unfortunately fallen victim to this ever-present and growing technique. Now there is a new technique being served to consumers via the PopAds network: pop-under ads that deliver the Magnitude exploit kit.
For those who are unfamiliar with a pop-under ad, this is a type of online advertisement that appears behind the main browser window and remains open until the user manually closes it. Consumers who failed to update their version of Flash Player (which we are constantly being told to do) were immediately infected with the CryptoWall ransomware.
The infection campaign began around 1 January 2016, with ads placed on outlets that included both NSFW and video streaming sites. The image below shows the geographic location of infections caused by this new technique. As you can see, Spain is in the lead with 14.3%, followed by the Netherlands, France and Poland, which are level at 11.4% each. According to this data, the affected countries are mostly within Europe, with South Korea as an exception.
Once a user has been infected, they will typically see a CryptoWall ransom page, as shown in the image below. It is a bit of an insult for it to say “Congratulations, you have become a part of large community Cryptowall”. Users will need to pay a ransom, as is commonly associated with these types of ransomware infections.
These cases highlight the need for a strong and reliable backup system, which will help to mitigate the damage in the event that your hard drive is encrypted. It is also essential to keep your browser, plugins and operating system updates current. If you wish to add further defenses, it may be worthwhile to either disable or uninstall Flash Player, as well as running an up-to-date anti-virus and malware scanner.
These types of infections will become more advanced and more common in 2016, and vigilance is required from users in order to help avoid such attacks.
Image courtesy of ssri