A new kind of file-locking malware is apparently infiltrating people’s computers through fake ads placed on both Yahoo and AOL. For those who might remember it, this is the CryptoWall malware coming back from the dead. This time around it’s using ad networks to find victims. Over 22 different trusted websites have been compromised so far, including AOL, Yahoo and even Match.com.
How It Works
While it might seem like a simple case of click and get into trouble, it isn’t. A user does not actually have to click on any of the fake ads to find their system utterly infected. The malware has the ability to lock a person out of their own files unless they agree to pay a certain sum. This is quite literally like someone kidnapping your files. The malvertising trend has been on the rise for a while and generally works through ad networks – another reason to hate them absolutely.
So once it infiltrated the system, it was super easy for it to encrypt files on the PC and then lock the user out. This is ironic considering how many people are looking into better encryption to keep hackers and intruders out of their personal data, and now we have malware that is encrypting your information for you only to lock you out of it.
CryptoWall’s malicious campaign reportedly kicked off in September and ended in October. Proofpoint, a security firm, has been tracking the progress that it made during this time. According to their reported estimates, CryptoWall was able to hit around three million people a day when it was in action. The report also seems to indicate that the hackers earned over $25,000 every single day that the malware was active. "As for the unfortunate victims, payment is no guarantee that the end-user will regain access to their system, and even if they do the attacker may remain effectively in control of it, which is why security best practices generally recommend against payment and advise instead to clean the system, if possible, and if necessary recover from a clean backup," Proofpoint explained.
The reason malvertising is so hard to stop is that there isn’t a whole lot that the targeted websites can do against it. Those websites, e.g. Match.com or AOL, technically are not compromised. Like all the rest of their ads, the malware shows up through an ad network. It doesn’t do much to their infrastructure or data, if anything at all.
You can avoid getting into a situation like this by making sure your security patches and updates are in place. Keep a nice and hefty antivirus on hand, one which updates to new malware information on a daily basis. Getting an ad blocker will also not hurt. At the end of the day all one can do is take precautions. With loopholes and backdoors cropping up every day, there is no 100% foolproof method for security.