
Article · Mar 16, 2016

Worldwide malvertising scheme puts millions at risk for ransomware

Some of the best known global publishing brands today are investigating a Crypto-style ransomware virus called Angler that managed to infiltrate their websites in recent days.

The New York Times, BBC, MSN, the NFL and AOL are just some of the major online publishers whose websites were victims of a large-scale malvertising scheme, where cybercriminals create malicious digital advertisements and upload them to online ad networks – so they are distributed across the Web.

The number of victims is almost impossible to determine since the attackers were able to abuse a legitimate online ad network to display malware-laden ads on legitimate websites. Anyone visiting one of these sites with a vulnerable browser could have been silently redirected to a third-party site hosting the ransomware.

The UK’s National Crime Agency, the FBI and several security research firms reported a major spike in worldwide ransomware attacks as a result of the malvertising scheme. Ransomware refers to any malicious computer virus that encrypts your digital files and allows the sender to demand that victims pay a hefty ransom to get them back.

How does it work?
Cybercriminals managed to distribute the ransomware using the Angler exploit kit, which includes tools that let attackers take advantage of vulnerabilities in browser plug-in software, according to security researchers at Trend Micro. Here’s how it works:

  • User clicks on a malicious online advertisement
  • User is redirected to a server that hosts the Angler exploit kit and the ransomware
  • Angler exploit kit attempts to find vulnerabilities, such as security holes that have not been patched
  • Ransomware is installed and begins to encrypt the user’s files
  • User finds a digital note demanding a ransom in the form of bitcoins

Why should you be concerned?
Ransomware remains one of the biggest malware problems on the Internet. Individuals and businesses alike are vulnerable as the attacks become more sophisticated. The days of being easily able to spot suspicious alerts, warnings, redirects – all designed to draw victims to targeted servers – are over. Cybercriminals today have more sophisticated tools at their disposal and the phony emails they send may seem like normal correspondence from friends, family or business partners.

In 2015, ransomware infections grew by 113% over the previous year, with perpetrators demanding an average of $300 from victims, according to the Symantec Internet Security Threat Report.

Angler attacks not new
The worldwide malvertising attack on huge publishing brands, while large in scope, is nothing new. In late 2015, networking software giant Cisco took steps to thwart a similar Angler attack. And you can bet that more cyberattacks like this will be launched in the future.

Many believe that anti-virus software offers full protection against ransomware, but this is a myth. Hackers using the Angler exploit kit and similar tools have figured out how to circumvent even the best anti-virus software. As a result, the battle has now shifted from prevention to response.

How to protect yourself
The best way to avoid a ransomware infection at home or work is to educate yourself and your employees on how to spot potential trouble, according to Jim Flynne, Vice President of Operations and Chief Security Officer at Carbonite.

“Ransomware requires the user to take a positive action. Somebody needs to actually click on a website, click on a link in an email, or open an executable or .zip file in order to initiate the infection,” Flynne said. “You need to train people on what to watch out for – and what to stay away from. That is the most effective way to avoid an infection.”

Here are Flynne’s tips on how to avoid a ransomware infection:

  • Use extreme caution when clicking on links inside of email
    Ransomware viruses are often spread by malicious HTML links found inside emails. If you’re going to click on a link in the body of an email, make sure you’re absolutely certain who the email is coming from.
  • Beware of email attachments
    It’s not just the links inside emails that you need to worry about. You also have to be extremely careful when clicking on email attachments.
  • Keep your firewall and security software up to date
    Security software can’t guarantee complete protection, but it is a first line of defense.
  • Set clear information security policies and educate users
    Education is key – especially in business environments. If you want to protect your business from ransomware, it’s important to set and communicate clear information security policies related to emails, links, and attachments.
  • Back up your files!
    Ransomware triggers such as malicious links and email attachments are getting harder to identify. The only way to fully protect your computers is to proactively install a backup system with versioning capabilities before you are attacked. That way, if you ever fall victim to ransomware, all you need to do is delete the infected files and restore clean versions from backup.


Mark Brunelli

Senior Writer

Mark Brunelli is a Senior Writer on the Corporate Marketing team at Carbonite. He blogs about Carbonite happenings and IT industry trends.
