Ramblings of an old Doc

 

First “Pony” steals your passwords (including FTP and SSH credentials used by admins to manage sites)…then the attackers inject malicious code into legit sites to redirect visitors to malicious sites which install “Angler”, which attacks Windows and Flash as well as Java plugins. So, if your software isn’t up to date, your computer is vulnerable to Angler attacks, and in those “drive-bys” CryptoWall 4 will be installed.

Now, you’ve got the most successful ransomware on your computer. If you don’t have an offline backup, you’re screwed. All your data is encrypted using a strong encryption algorithm, and either you pay for the key (and if you don’t pay within 24 hours, the price is doubled), or you lose it all…IF they decide to send you the key.

This attack by cyber criminals is very extensive…it’s well protected, it’s coming from the Ukraine <inject cynicism here> of all places…and it’s hitting large numbers of computers because of the way it’s being done.

In Denmark, more than 100 webpages have been infected, and sites infected are certainly NOT limited to Europe.

So, you say “I have great antivirals/antimalware stuff on my computer.” Well, “detection rates are extremely low for this campaign”, Heimdal Security states.

They recommend:

  • Keep your system updated and always install the latest updates available for the apps you use.
  • Back up your data constantly and frequently. [my note: Not sure about the “constantly” as it could backfire – I’d suggest “frequently”]. 
  • Don’t keep any important piece of information on your computer.
  • Make sure you keep away from strange websites.
  • Do not open spam emails or emails you get from unknown senders.
  • Don’t download or open attachments in those emails.
  • Use products that can detect and block recent ransomware/Cryptoware variants which, as you’ve seen, can end up on your system without you downloading anything on purpose.

Source:

https://heimdalsecurity.com/blog/security-alert-angler-exploit-kit-spreads-cryptowall-4-0-via-new-drive-campaign/


Comments
on Dec 05, 2015

Hum, seems no matter what ya do you're screwed.

on Dec 05, 2015

No one thing will prevent this, because of its low detection rate, but if you read their recommendations, they do make sense and should decrease the chances a good deal.

on Dec 05, 2015

I keep all my backups on an external drive, all my software is up to date, in fact I just updated ASC to the latest version. My inbox is beginning to look like my spam folder, lol. All I do is read the list and never ever open anything whether I know them or not. My spam folder is like reading an Archie comic book, good laughs at some of the nonsense I see but after reading the list...delete delete delete. Plus I don't put anything personal on my machine. One good thing I found out...AVG has already nailed 3 bugs and one click deletes them. I run regular scans twice a week with Mbam and AVG, full system scans. Takes a while but I think it's worth it. And CCleaner I do every other day. And then there's the Crypto thingy Doc recommended. Maybe overkill but if it keeps the bugs away then I'm good with that.