Ad Networks, YouTube, and Ransomware

Over the past few weeks I have been seeing a rise in security articles and news media talking about ransomware. Ransomware is malware that takes over your computer, preventing you from using it until you pay the “fine” to unlock it. I say fine here because most ransomware pretends to be from a law enforcement agency such as the FBI. The malware typically covers your screen with a window that cannot be closed, demanding that you pay a fine for having illegal materials on your computer. A more damaging kind of ransomware has also gained popularity: the CryptoLocker and Cryptowall variants do real damage on an infected machine. By encrypting all of your files, this ransomware makes retrieval of your data impossible without paying the ransom and having the attackers unlock your files.

One of the most popular ways to spread these viruses is through advertising networks. Attackers purchase ads on these networks that redirect you to sites that have either been compromised or were designed to run a drive-by attack on your machine, which in turn infects the computer with the ransomware. To refresh your memory, a drive-by attack runs simply when you visit a website. The code on the site tests for known vulnerabilities in unpatched software, then uses one of those vulnerabilities to infect the computer with some sort of virus. Recent reports name YouTube’s ad network as the latest favorite network for ransomware distribution. The reason is that YouTube’s ad network is very low cost and has extremely powerful tools that allow an attacker to target specific groups and geographic areas.

Protecting against this type of malware begins with good security practices. Having solid anti-malware software is only the first step. You should turn on the local firewall, either the one in the operating system or the one that is part of your anti-malware suite. Next, patch and update all your software regularly. Software that has the ability to auto-update should have that feature turned on. Make sure that employees run the patches when prompted. Some malware looks like a valid patch message, so training employees to know what a real patch prompt looks like and to recognize false patch requests is important. Work with your IT department to implement a patch management and monitoring system, or contract a service provider like B.I.T.S. to do it for you. Finally, make sure you are backing up your files, both on your computer’s local drives and on your servers. If one of these ransomware variants does make its way onto one of your computers and encrypts your files, restoring from a good backup is the only way to recover.
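The three controls above (firewall on, patches current, backups recent) are easy to state and easy to let slip. The script below is an added example, not part of the original post or of any B.I.T.S. tooling; it checks each control on a Windows workstation and prints a warning for anything out of line. It assumes Windows 8 / Server 2012 or later (for the `NetSecurity` module), PowerShell 5 or later (for the service `StartType` property), and that local backup sets land under the `$BackupRoot` folder, which is a placeholder path you should change.

```powershell
# Added example (not from the original post): hygiene check for the controls
# the post recommends. Assumed values: $BackupRoot is a placeholder path,
# and the age thresholds are illustrative, not policy.
param(
    [string]$BackupRoot = 'D:\Backups',   # assumed backup location; change it
    [int]$MaxPatchAgeDays = 30,
    [int]$MaxBackupAgeDays = 1
)

$findings = @()

# 1. Firewall: every profile (Domain, Private, Public) should be enabled.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }
if ($disabled) {
    $findings += "Firewall disabled for profile(s): " + ($disabled.Name -join ', ')
}

# 2. Patching: the Windows Update service must not be disabled, and the most
#    recent installed hotfix should be no older than $MaxPatchAgeDays.
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') {
    $findings += "Windows Update service (wuauserv) is disabled"
}
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch) {
    $findings += "No installed hotfixes reported by Get-HotFix"
} elseif ($lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings += "Last patch $($lastPatch.HotFixID) was installed on " +
                 "$($lastPatch.InstalledOn.ToShortDateString()), older than $MaxPatchAgeDays days"
}

# 3. Backups: the newest file under $BackupRoot should be recent. This checks
#    freshness only; a backup that stays mounted as a drive letter can be
#    encrypted along with everything else, so keep a copy offline or offsite.
if (-not (Test-Path -Path $BackupRoot)) {
    $findings += "Backup location $BackupRoot was not found"
} else {
    $newest = Get-ChildItem -Path $BackupRoot -Recurse -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $newest) {
        $findings += "No backup files found under $BackupRoot"
    } elseif ($newest.LastWriteTime -lt (Get-Date).AddDays(-$MaxBackupAgeDays)) {
        $findings += "Newest backup file is from $($newest.LastWriteTime), " +
                     "older than $MaxBackupAgeDays day(s)"
    }
}

# Report: one line per problem, or a single OK line.
if ($findings.Count -eq 0) {
    Write-Output "OK: firewall on, patches current, backup fresh"
} else {
    $findings | ForEach-Object { Write-Output "WARN: $_" }
}
```

Run it from an elevated PowerShell prompt (`.\Check-Hygiene.ps1 -BackupRoot 'E:\Backups'` if your backups live elsewhere) and schedule it with Task Scheduler so the warnings reach someone who will act on them; the backup freshness test is the one that matters most for the recovery the post describes, because a backup that has not run since before the infection is no better than no backup.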
