Guardian, Facebook and Disney domains send users to ransomware downloads

Adverts luring people into ransomware attacks have been discovered on websites belonging to Disney, Facebook and the Guardian, claimed Cisco in a blog.

Exploiting vulnerabilities on the web technologies Silverlight, Java and Flash, Cryptowall ransomware is downloaded to the victim’s computer after they click the advert, with those infected sent a message informing them of the breach.

Andrew Tsonchev, a software engineer at networking firm Cisco, said: "Ransomware has proved to be a very successful form of extortion and we are likely to see new variants on the CryptoLocker theme for quite some time."

The malware, which encrypts machines before demanding payment from victims to unlock them, was revealed following an investigation by Cisco, after it noticed it was blocking access to 90 domains for more than 17% of its cloud customers.

Once the breach has occurred victims are instructed to install the anonymous Tor web browser, navigating to a personalised page that demands victims send $600 or €600 for their computer to be decrypted.

"Given the recent high profile reports of an FBI shutdown of Cryptolocker, it is worth remembering that whilst Cryptolocker has proven to be an extremely potent threat, it is just one of several forms of ransomware, including Cryptowall and CryptoDefense," Tsonchev added.

"Drive-by" downloads infecting users with ransomware have been another recent trend in cyber security, with details of the CryptoDefense ransomware emerging last month.

Action by the UK’s National Crime Agency and the FBI shut down a network distributing CryptoLocker this week, leaving a fortnight for IT security to be braced against future attacks.

Security firm Bromium Labs, who conducted an investigation on CryptoDefense, said: "With the widespread success and proliferation of such ransomware, it’s obvious that traditional approaches to end user security are failing to offer countermeasures against this kind of threat."

"When it comes to dealing with ransomware the best advice is to be proactive: maintain regular and full backups in case the worst should happen," Tsonchev said. "Regularly updated and patched machines which do not have rich media platforms such as Flash and Silverlight enabled remain relatively immune from these kinds of attacks."