Ransomware Alert: Digitally Signed CryptoWall through Malvertising

Earlier this week, independent researchers uncovered a malicious advertising, or “malvertising,” campaign serving a digitally signed variant of the CryptoWall ransomware through banner ads found on a number of Alexa top 15,000 websites. Affected sites included:

  • hindustantimes[.]com
  • bollywoodhungama[.]com
  • one[.]co[.]il
  • codingforums[.]com
  • mawdoo3[.]com

Users who visited affected sites and clicked on malicious ads would be redirected to a website serving an exploit kit designed to look for and take advantage of vulnerabilities in common browser plug-ins and applications. If and when vulnerabilities were found, CryptoWall would be installed and the currently un-decryptable ransomware would execute, encrypting computer files and demanding payment for recovery.

Are Emsisoft Users Protected from this Threat?

Yes. Emsisoft users are protected from malvertising attacks and CryptoWall in a number of ways.

Our 3-layered protection approach:

  1. Prevents users from visiting websites that serve malware, such as ones you could be redirected to by clicking on a malicious ad.
  2. Recognizes over 100 million malware signatures using a database that is updated 24 times per day.
  3. Utilizes Behavior Blocking technology to recognize derivative malware patterns, if 1) and 2) should ever fail.

Additionally, Emsisoft was one of the very first vendors to detect this new CryptoWall variant. PCWorld reports that initial vendor detection rates on VirusTotal.com were close to 0/55, but Emsisoft detection was actually registered in a mere matter of hours.

What Should I Do if I Have a CryptoWall Infection?

CryptoWall is currently recognized as the most destructive ransomware threat on the Internet today. There is currently no known way to recover encrypted files without paying the ransom to cybercriminals – and even this method is not guaranteed. If your computer has become infected with CryptoWall, Emsisoft does not recommend paying the ransom unless you absolutely must recover the files.

Sometimes, partial recovery is possible. Instructions on how this works have been published by Bleeping Computer, and can be found here. Anyone who needs assistance walking through these instructions is encouraged to contact Emsisoft Support.

In addition to using an anti-malware product that offers real-time protection, the risk of CryptoWall malvertising can be greatly minimized by regularly updating every application that you use, and keeping backups of your most important files on an external drive (since ransomware is meaningless if there’s nothing left to ransom).

Have a great (CryptoWall-free) day!

  • Legend

    Another way to maximize one’s security, regarding ads, is to use an “ad blocker”. There are different “ad blockers” for Firefox, Chrome and IE, all for free. Personally I don’t like browser extensions so much. But these “ad blockers” are definitely very useful. Better security, faster loading time of websites, and less noise from popup windows.