CryptoWall – the King of the Ransomware Kingdom
CryptoWall can easily be defined as the most successful ransomware that continues to target both businesses and users on a global level. The techniques CrytoWall employs to target systems vary in sophistication in severity. However, the end goal is always the same – making data unreachable.
RIG Exploit Kit Delivered via Drive-By Downloads
A new malicious drive-by download campaign has been discovered by researchers at Heimdal Security. The file-encrypting threat is delivered through the RIG exploit kit via several corrupted websites and Google Drive. According to many security researchers, the scale of file encrypting, ransomware attacks has reached its peak in the past year. CryptoWall, however, has proven to be the most vicious of all ransom threats.
Several Exploit Kits Employed by CryptoWall
As already reported by the STF team, Angler EK and Magnitude EK are already on the list of malicious kits used to spread CryptoWall. Attacks are getting more sophisticated and notorious, and the time between ransomware campaigns gets shorter. Both individuals and businesses are at risk, and effective security measures need to be taken into action.
RIG Exploit Kit Not New to the Cyber Criminal World
Last year, the RIG exploit kit compromised the popular Web portal AksMen.com, redirecting users to a malicious page, as reported by Symantec. Compromising well-known and widely popular websites and services has turned out to be impressively sufficient.
Users running outdated versions of Flash Player, Java, Adobe Reader and Internet Explorer can become victims of the present malevolent campaign. This is due to the fact that RIG takes advantage of their vulnerabilities and exploits them.
Once on the compromised website, the user experiences a series of redirects that lead to the final payload – CryptoWall.
Users Tricked by a Malicious PDF Disguised as a Resume in Google Drive
According to Heimdal’s research, over 80 active domains are currently hosting RIG which redirects the victim to downloading a corrupted file in Google Drive.
Once the file is launched, CryptoWall infects the system. Once file encryption is done, the user is presented with the ransom message.
Unfortunately, there is still no information about the number and location of attacked machines. Nonetheless, it is reported that about 10,000 infections occur per day. Once data is conclusive, the number will be much bigger.
To stay protected against ransomware, users are highly advised to:
- Check the validation of Flash Player, Java, Adobe Reader and Internet Explorer.
- Sustain a powerful anti-malware solution to protect the system.
- Periodically back up crucial data via cloud services or external memory devices.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: