Security vulnerabilities are being used as conduits to deliver malware. Most people don’t update their software, whether it’s on their own PC or their WordPress site. For their own PC, that leaves them vulnerable. For their WordPress sites, that helps to propagate the malware onto everyone else.
The scope of this problem is massive. From InfoSecurity Magazine:
The web is seeing an increase in malicious scripts injected into legitimate websites, which redirect internet users to the Neutrino exploit kit server when accessed. Hundreds of millions of sites could be affected, serving up ransomware and other baddies.
Heimdal Security said that the attack has been carried out by systemically compromising websites which run an outdated content management system, especially unpatched WordPress sites, or outdated plugins.
According to Heimdal, WordPress is used by 58.7% of all the websites whose content management system we know. This is 24.3% of all websites. Since there are almost 1 billion websites in the world, the figure of potentially compromised websites could rise to over 142 million. Moreover, over 20% of WordPress-based websites run an outdated version.
“Even websites that run the latest version of WordPress could be vulnerable to this attack if they run outdated plugins and lack in proper security settings,” the researchers said, in an analysis. “With over 409 million people reading WordPress blogs each month, the number of potential ransomware victims could be disturbingly high. And keep in mind that the attack is not solely directed towards WordPress-based websites, so the impact could be even bigger.”
The issue underlies the fact that the need for improved browser security and additional security tools that can supplement antivirus protection has never been greater.
Ransomware is a relatively new category of malware whose first incarnations became extremely profitable for the crooks. When you visit an infected website or click on a crooked link in a bad email, the malware is installed on your computer.
It’s important to realize that you don’t have to do anything stupid to be infected. Ransomware has been delivered through advertising networks on sites like the Drudge Report and Huffington Post in a new class of exploits called malvertising.
Ransomware works in the background encrypting all of your important files. When it’s done, it displays a friendly dialog box on your screen advising you to pay the ransom in bitcoins or else they’ll throw away the decryption key. You have only a few days to pay. Luckily, so far at least, you actually do get the decryption key back when you pay. If you don’t pay, all of your files are lost because they can’t be decrypted without the key.
What’s going to happen?
If nobody updates their software, and this bad stuff can be delivered so easily, then we should soon see a terrible influx of ransomware that will make headlines – not only for the number of victims, but also for how much money the attackers take in.
Ultimately many people will suffer for lack of knowledge. But the heartache will lead to better tools, better understanding, and better processes for the general public. Eventually we’ll all be safer after this storm subsides.
What you can do
We’re all about solutions here at Easy Security Online. It’s easy to avoid becoming a victim of ransomware. Protect yourself by implementing as many of these suggestions as you can:
- Back up all of your files – how many times have you heard this advice? More people will lose their data to a hard drive crash this year than to ransomware. The effect is the same – all of your data is gone unless you pay big bucks to get it back. If you still aren’t backing up your data I don’t know what to tell you.
- Update your software – the way ransomware is making it into computers is through unpatched software. Special code called an exploit kit determines whether you have older versions of popular software installed on your computer. If so, you are tagged for an attack. The exploit kit uses known security vulnerabilities that you haven’t patched to inject the ransomware.
- Stop using Internet Explorer!!! It’s riddled with security holes. Use Firefox for much better privacy and security protection.
- Install exploit kit detection software – free from Malwarebytes, this is like parallel antivirus software. Even if you upgrade your software regularly and automatically there could still be a window of time when an exploit could occur. Install this to detect and thwart all known exploit kits.
- Run your browser in a sandboxed environment – run your browser inside Sandboxie (free pesterware). Sandboxie isolates your browser from the rest of your computer and sets up a separate chunk of memory inaccessible by anything else. Any program that installs itself within Sandboxie has no access to any other computer resource unless you explicitly grant permission. Then it just evaporates when the browser is closed.
- Run your email program in a sandboxed environment – use Sandboxie for Outlook, too.
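
For the WordPress side of the "update your software" advice, a site owner can inventory what is actually installed and compare it with a baseline. The script below is an added example, not part of the original article: it reads the core version from `wp-includes/version.php` and each plugin's `Version:` header, and the plugin names, version numbers and baseline in it are constructed sample data.

```python
import re, tempfile
from pathlib import Path

def parse_version(text):
    """'4.2.10' -> (4, 2, 10); trailing zeros dropped so '4.2' equals '4.2.0'."""
    parts = [int(n) for n in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def core_version(wp_root):
    """Read $wp_version from wp-includes/version.php."""
    src = (Path(wp_root) / "wp-includes" / "version.php").read_text(errors="replace")
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", src)
    return m.group(1) if m else None

def plugin_versions(wp_root):
    """Map plugin folder -> 'Version:' header value (single-file plugins not covered)."""
    found = {}
    for php in sorted((Path(wp_root) / "wp-content" / "plugins").glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # header comment sits at the top
        if "Plugin Name:" in head:
            m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.MULTILINE)
            found[php.parent.name] = m.group(1) if m else None
    return found

def audit(wp_root, minimums):
    """List (component, installed, minimum) for everything below the supplied baseline."""
    installed = {"core": core_version(wp_root), **plugin_versions(wp_root)}
    return sorted((name, have, minimums[name]) for name, have in installed.items()
                  if name in minimums
                  and (have is None or parse_version(have) < parse_version(minimums[name])))

# Constructed sample data: hypothetical plugins and baseline, not real advisory data.
SAMPLE_MINIMUMS = {"core": "4.2.4", "gallery-x": "1.3.0", "forms-y": "2.1"}
SAMPLE_FILES = {
    "wp-includes/version.php": "<?php\n$wp_version = '4.2.1';\n",
    "wp-content/plugins/gallery-x/gallery-x.php":
        "<?php\n/*\n * Plugin Name: Gallery X\n * Version: 1.3.0\n */\n",
    "wp-content/plugins/forms-y/forms-y.php":
        "<?php\n/*\nPlugin Name: Forms Y\nVersion: 2.0\n*/\n",
}

def build_sample(root):
    """Write the constructed sample install under root so the audit runs offline."""
    for rel, body in SAMPLE_FILES.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for name, have, need in audit(d, SAMPLE_MINIMUMS):
            print(f"{name}: installed {have}, baseline {need}")
```

On a real site, point `audit()` at the WordPress root and supply a baseline taken from the current core and plugin release notes.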