Security Awareness Training Blog

    Patch Flash NOW Or Get Infected With CryptoWall

    adobe_patch-680x400It is now urgent to patch any Adobe Flash Player machines in your network. Why? There is an exploit kit called Magnitude that now uses a recently patched Flash zero-day vulnerability. An emergency out-of-band update for Flash was released June 23-rd.

    French researcher Kafeine reported that a sample he encountered was dropping two instances of Cryptowall ransomware on any Windows 7 computer running Internet Explorer 11. Cryptowall is a strain of ransomware that encrypts files on a victim’s computer and demands a ransom, generally paid in Bitcoin. The FBI last week said that consumers have reported losses of more than $18 million related to infections caused by this leading strain of ransomware

    Flash vulnerabilities are a favorite attack vector for criminal hackers and nation-state groups because of the player’s ubiquity on Windows machines especially. These groups are moving quickly in developing exploits for patched vulnerabilities; Kafeine said it took only four days for this one to show up in Magnitude, for example.

    Now that criminals have absorbed the exploits into Magnitude, they expect to turn a profit against unpatched machines by infecting them with Cryptowall, fast becoming one of the most prolific crypto-ransomware tools in use.

    Close to three weeks ago, the SANS Institute warned that it was observing a spike in Angler Exploit Kit traffic containing Cryptowall 3.0 ransomware. The same group, SANS said, could also have been behind a simultaneous spam campaign pushing the same version. Version 3.0 encrypts files stored on a compromised computer and demands a ransom, usually $500 payable in Bitcoin, in exchange for the encryption key. The malware uses numerous channels to communicate and send stolen traffic to its keepers, including I2P and Tor anonymity networks.

    With this ransomware explosion, new school security awareness training which combines web-based on-demand training by a social engineering expert, combined with frequent simulated phishing attacks is a must these days to protect your organization against these kinds of attacks. Find out how affordable this is today:

    Get A Quote Now

    - See more at Threatpost 

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews