ALERT: New Ransomware Strain Encrypts Files From RAM
Security researchers at Invincea have discovered a new Russian ransomware strain called “Fessleak” which delivers its code straight into system memory and does not drop any files on disk.
This means that almost all antivirus software is not able to catch this malicious malware.
The infection is spread through malicious ads on popular websites.
The Cybercriminal setup a short-lived burner domain (disposable domain) directing to a landing page where the exploit kit (malware infector) is hosted. Then they post a legitimately paid-for ad on legitimate major sites such as HuffingtonPost, Answers.com, Thesaurus.com, and Match.com.
The ad is usually similar to “Granny opening a new iPhone video”.
When you click on the link, you are redirected to the malicious domain, which infects your workstation.
You are then presented with a full screen image that announces all personal or business files, photos, and videos have been ecrypted and to get them back you need to pay a ransom in Bitcoin.
“We continue to see new innovations in ransomware. More advanced versions use file-less infections, and communicate via the TOR network…they are also able to check to ensure the host is not running on a virtual machine to frustrate security researchers and analysis.
At this time, there is no detection for the malicious code, which rotates its hash value to avoid Anti-Virus detection.“
How do you pre-plan for a possible attack?
- BACK UPS! All malware and virus effects can be prevented by having all important data backed up. Take a weekly copy off-site.
- Keep your attack surface as small as possible, and religiously keep all OS and third-party patches up-to-date. All our monthly service plans do this automatically.
- Disable Flash in your browser, or at least set Flash to Click to Play. This way, you can activate only the ads or videos using Flash that you want to see, and the others will remain disabled.
- Run a multi-layer security system, block ads centrally rather than machine by machine. If that’s not possible, AdBlocker plugins for each browser.
- It is increasingly clear that effective security awareness training is a must. End users need to be on their toes, and need to keep security in mind at all times.