Ransomware Explained: Hackers Take Aim At Publishers
Ransomware is a particularly nasty form of malware, which has steadily become more sinister. The purpose of ransomware, as the name suggests, is to collect a ransom from the user that it attacks. If you are unlucky enough to install a piece of ransomware on your computer, you can expect to have a nightmare scenario unfold. Typically, an onscreen message will appear letting you know you have to pay a ransom, usually upwards of $500-$1000, within a week.
The malicious code underlying the ransomware will encrypt all your data once it has been installed, including locally stored data, network-stored data and even data in cloud storage areas like Dropbox; it can even affect some backup systems if they work by synchronizing your data. Once your data is encrypted, the ransomware displays its calling card on screen.
Ransomware attacks are on the rise:
- According to the New York Times, in 2019, 205,280 organizations submitted files that had been hacked in a ransomware attack — a 41 percent increase from the year before.
- The average payment to release files spiked to $84,116 in the last quarter of 2019, more than double what it was the previous quarter. In the last month of 2019, that jumped to $190,946, with several organizations facing ransom demands in the millions of dollars, said The Times.
How does ransomware get in?
Ransomware uses software vulnerabilities (i.e. bugs in the code) to ultimately take control of your computer and exploit your system. However, to get into your system in the first place, it needs to find a vector in.
These vectors are often in the form of emails that contain malware as an attachment or through advertisements on legitimate websites, also known as malvertising.
Historically, attackers targeted a wide range of victims, with individuals often targeted over organizations, but in recent years, there’s been a shift to home in on organizations and large enterprises.
Now, malvertising is becoming an increasingly worrying trend and is cited as being the biggest growth area in malware insertion techniques. This finding is backed up by The Online Trust Alliance in a report, Emerging Threats to Consumers Within the Online Advertising Industry. Since 2018, according to the 2020 State of Malware Report, consumer threat detections are down by about 2%, but business detections have increased by 13%.
Identifying an attack
Several high-profile attacks over the last few years serve as examples of ransomware meeting malvertising in practice, including an attack that targeted multiple web publishers – including the New York Times, AOL, MSN and the BBC. Poisoned ads were served simultaneously, infecting readers with ransomware and other malicious viruses. The attack successfully compromised an automated ad network to display malware-laced banner ads on the high-traffic sites. Once the user surfed to a page that served the malicious advertising, the ad automatically redirected to two malvertising servers, the second of which delivered a well-known exploit kit known as Angler.
One of the biggest advertising-based ransomware attacks emerged from Russia. The cybercriminal gang behind the attack used a real-time ad bidding network to deliver the infected ads, which were fake Hugo Boss ads that appeared on legitimate websites such as Huffington Post. Once the ads were in place, a visitor who clicked on one was taken to a server that used an exploit in Flash to download Cryptowall ransomware onto the victim's computer.
Chaos then ensued in the form of ransomed, encrypted data. Many advertising networks are being targeted for this exact reason, including Yahoo’s extensive ad network.
How to prevent infection by ransomware
Here are a few things you can do to reduce your risk of infection:
Strategy 1: Keep your software up-to-date. Ransomware uses software vulnerabilities to take control of your computer, so keep your software, especially browsers, patched and up-to-date.
Strategy 2: Email is often used as a vector into your system. Stay alert, ensuring that emails come from trusted sources.
Strategy 3: In this toxic environment, publishers and networks should use specialized ad security and verification tools to maintain the security of the advertising served on their web pages. Top-tier ad verification tools can automatically spot signs of suspicious activity and block malicious ads before they do damage to your readership.