CryptoWall 3.0 Delivered by Intense Redirects. RIG EK and Google Drive Used - How to, Technology and PC Security Forum

CryptoWall – the King of the Ransomware Kingdom

CryptoWall can easily be defined as the most successful ransomware, and it continues to target both businesses and users on a global level. The techniques CryptoWall employs to target systems vary in sophistication and severity. However, the end goal is always the same – making data unreachable.

RIG Exploit Kit Delivered via Drive-By Downloads

A new malicious drive-by download campaign has been discovered by researchers at Heimdal Security. The file-encrypting threat is delivered through the RIG exploit kit via several corrupted websites and Google Drive. According to many security researchers, the scale of file-encrypting ransomware attacks has reached its peak in the past year. CryptoWall, however, has proven to be the most vicious of all ransom threats.

Several Exploit Kits Employed by CryptoWall

As already reported by the STF team, Angler EK and Magnitude EK are already on the list of malicious kits used to spread CryptoWall. Attacks are getting more sophisticated and notorious, and the time between ransomware campaigns is getting shorter. Both individuals and businesses are at risk, and effective security measures need to be put into action.

RIG Exploit Kit Not New to the Cyber Criminal World

Last year, the RIG exploit kit compromised the popular Web portal, redirecting users to a malicious page, as reported by Symantec. Compromising well-known and widely popular websites and services has turned out to be impressively effective.

Users running outdated versions of Flash Player, Java, Adobe Reader and Internet Explorer can become victims of the present malevolent campaign, because RIG exploits the vulnerabilities in those outdated versions.

Once on the compromised website, the user experiences a series of redirects that lead to the final payload – CryptoWall.

Users Tricked by a Malicious PDF Disguised as a Resume in Google Drive

According to Heimdal’s research, over 80 active domains are currently hosting RIG, which redirects the victim to download a corrupted file from Google Drive.

Once the file is launched, CryptoWall infects the system. Once file encryption is done, the user is presented with the ransom message.
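The redirect chain described above can be hunted for in web-proxy logs. The following is an added example, not code from Heimdal or from the original article: it rebuilds each client's chain from Referer headers and flags Google Drive requests that were reached through several distinct hosts. The log layout, the `.example` hosts, the watched host list and the `min_hosts` threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy-log sample: (client, requested URL, Referer header).
# All hosts are made-up .example names except the Google Drive host.
SAMPLE_LOG = [
    ("10.0.0.5", "http://news.example/article", ""),
    ("10.0.0.5", "http://ads.example/banner.js", "http://news.example/article"),
    ("10.0.0.5", "http://gate.example/in.php", "http://ads.example/banner.js"),
    ("10.0.0.5", "http://landing.example/index", "http://gate.example/in.php"),
    ("10.0.0.5", "https://drive.google.com/uc?export=download&id=CONSTRUCTED",
     "http://landing.example/index"),
    ("10.0.0.9", "https://drive.google.com/file/d/CONSTRUCTED/view", ""),
    ("10.0.0.7", "http://shop.example/", ""),
    ("10.0.0.7", "http://cdn.example/app.js", "http://shop.example/"),
]

DRIVE_HOSTS = {"drive.google.com", "docs.google.com"}  # assumption: hosts to watch


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def build_chain(client, url, parent):
    """Walk Referer links backwards from url to the first request of the chain."""
    chain, seen = [url], {url}
    while (client, url) in parent:
        url = parent[(client, url)]
        if not url or url in seen:  # stop on an empty Referer or a loop
            break
        chain.append(url)
        seen.add(url)
    return chain[::-1]  # oldest request first


def flag_drive_chains(log, min_hosts=4):
    """Return (client, chain) for Drive requests reached via >= min_hosts hosts.

    min_hosts counts distinct hosts in the chain, the Drive host included;
    the default of 4 is an assumed threshold to tune against real traffic.
    """
    parent = {(c, u): ref for c, u, ref in log}
    hits = []
    for client, url, _ in log:
        if host(url) in DRIVE_HOSTS:
            chain = build_chain(client, url, parent)
            if len({host(u) for u in chain}) >= min_hosts:
                hits.append((client, chain))
    return hits
```

A Drive link opened directly, such as the request from 10.0.0.9 in the sample, is not flagged; only the chain that hops across several unrelated hosts before reaching Drive is.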

Unfortunately, there is still no information about the number and location of attacked machines. Nonetheless, it is reported that about 10,000 infections occur per day. Once data is conclusive, the number will be much bigger.

To stay protected against ransomware, users are highly advised to:

  • Check that Flash Player, Java, Adobe Reader and Internet Explorer are valid, up-to-date versions.
  • Maintain a powerful anti-malware solution to protect the system.
  • Periodically back up crucial data via cloud services or external memory devices.

Milena Dimitrova
