Hacked Ad Server Pushed Ransomware – Report

Ransomware is a clear and present threat to many businesses, but now a threat analyst has warned of another attack vector the malware can exploit, rather than the usual phishing route.

Researcher nao_sec warned that the Sodinokibi ransomware is now being distributed through malvertising that leads to the RIG exploit kit.

Malvertising campaigns traditionally inject malicious or malware-laden advertisements into seemingly legitimate online adverts. But now some of these compromised adverts can lead to ransomware attacks.

Popcash server

Speaking to the security website BleepingComputer.com, Nao_sec said the compromise was done via “advertisements on the PopCash ad network that redirected users to the exploit kit based on certain conditions.”

Essentially PopCash is a very popular video converter site. So when visitors come to the site to convert their videos, the ad server would reportedly load the exploit kit.

This was done by the ad server offering up a fake GIF file that contained JavaScript that would redirect the user to the exploit kit gate.

Nao_sec reportedly demonstrated how the exploit kit infected a Windows machine through this Any.run session.

A video of the Sodinokibi ransomware being installed by malvertising was also shown by BleepingComputer.com, which warned that the Sodinokibi ransomware is poised to be a big player in the ransomware space.

“Malware spread through advertising or ‘malvertising’ is a concern as it can occur on any site, even reputable ones if they do not have processes in place to monitor or filter the type of ads that are displayed,” said Javvad Malik, security awareness advocate at KnowBe4.

“However, this is far more common on non-mainstream sites,” said Malik. “Users should always exercise some caution in ensuring they visit reputable sites, particularly where processing anything like videos or photos.”

“An ad-blocker can also help protect users by preventing ads from showing altogether,” Malik added. “Although, this raises separate issues and website owners usually object to ad-blockers as it can impact their revenue. This is a good real-world example of how not investing in cyber security can have very material consequences for website owners and their visitors.”

Ransomware threat

The threat posed by ransomware is very real at the moment, with many businesses and other organisations suffering attacks.

Earlier this week a second city in the United States opted to pay hackers after their IT infrastructure was devastated by a ransomware attack.

Lake City in Florida took the decision to pay the hackers $500,000 (£394,000) to free up their computers.

It comes another city in Florida (Riviera Beach City) voted unanimously to pay hackers $600,000 who took over their computer systems via a ransomware attack four weeks ago.

This means that these two cities in Florida alone have now paid hackers $1.1m in total, setting a terrible example to the rest of the world.

Do you know all about security? Try our quiz!