Cybercriminals taking advantage of a ‘malvertising’ attack on big name sites including Yahoo!, Match.com and AOL were making in the region of $25,000 per day, according to Forbes.
Cybercriminals taking advantage of a ‘malvertising’ attack on big name sites including Yahoo, Match.com and AOL were making in the region of $25,000 per day through ransomware, according to Forbes.
The attacks, which used CryptoWall 2.0, ran through three compromised ad networks: Rubicon Project, OpenX and Right Media/Yahoo Advertising, according to the International Business Times. The site lists 22 sites that were found to be affected, including The Atlantic, Time Out, 9GAG and The Sydney Morning Herald.
ComputerWorld reckons at least three million people will have been exposed to the campaign that was first spotted on 18 September. IBTimes reports that the fake ads used images and copy lifted from brands including Bing, Fancy and Case Logic to hide in plain sight.
CryptoWall 2.0 works by encrypting the victim’s files on their computer, and then demanding a ransom usually equal to $500 – paid via bitcoin for anonymity – to unlock them. If the extortion is refused and the ransom is not paid by the deadline, then the file are lost forever. Because the payment was in bitcoin, payments are traceable, which is how the figure of $25,000 per day was reached. Unfortunately, the tracing does not go as far as identifying the guilty party.
Mark James, a security specialist at ESET, comments that this kind of malvertising is particularly effective because it can often act as expected to the untrained eye: “What would appear as an ordinary legit advert on a website can contain code that once clicked will infect your systems, but still deliver the advertising product. Often good legit adverts are served for a period of time to gain access, and then the infected adverts are slipped in once a trust level is established.”
“Ransomware delivered via malvertising is certainly much more advanced than other malware we have seen using this method,” James continued. “The user is scared into paying the ransom as ‘scare tactics’ are used, which involve phrases like ‘child pornography’. This will often cause the user to pay the ransom rather than trying to get professional help,” he warned.