Hi all! Today I want to tell you about a forgotten malvertising campaign that was discovered by security researchers earlier this year. Malvertising is a technique in which attackers use advertising networks to distribute malicious code through legitimate websites. This could lead to site visitors' computers being infected, their personal data being stolen, their files being encrypted, or other malware being installed.
The campaign I want to talk about is called "Forgotten". It was active from January to March 2021 and attacked users in the US, Canada, UK, Germany and France. It used several advertising networks, including Google AdSense, to place its ads on popular sites such as CNN, Forbes, The Guardian and others. The ads looked like regular advertising banners, but contained hidden code that redirected users to sites with exploit kits. Exploit kits are sets of tools that automatically check for vulnerabilities in browsers and plugins and attempt to exploit them to execute malicious code.
Security researchers from Malwarebytes discovered that the "Forgotten" campaign used two exploit kits: RIG and Fallout. Both exploit kits were previously known and used in other malvertising campaigns. They exploited vulnerabilities in Adobe Flash Player, Internet Explorer and Microsoft Edge. If the exploit kit successfully infected the user's computer, it would download either an encrypting ransomware Trojan or a locker Trojan onto it. An encrypting ransomware Trojan is a type of malware that encrypts the user's files and demands a ransom to restore them. A locker Trojan is a type of malware that blocks access to the user's computer and demands a ransom to unlock it.
Security researchers at Malwarebytes determined that the "Forgotten" campaign used two types of ransomware: STOP/Djvu and Zorab. Both ransomware Trojans were previously known and used in other malvertising campaigns. They encrypted the user's files using the AES algorithm and added .djvu or .zorab extensions to them. They also created text files with instructions for paying the ransom. Security researchers at Malwarebytes warn that paying a ransom does not guarantee file recovery and could also lead to further blackmail from attackers.
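The two artifacts described above (files renamed with a second extension of .djvu or .zorab, plus a text ransom note dropped next to them) are what a defender can look for on a suspect host. The script below is an added example, not code from the post or from Malwarebytes; the note-name hints, the thresholds and the sample file tree are constructed assumptions. It counts only files whose original extension is still visible in front of the ransomware extension, so a legitimate single-extension DjVu document is not flagged.

```python
import tempfile
from pathlib import Path

# Extensions the post attributes to STOP/Djvu and Zorab.
RANSOM_EXTENSIONS = {".djvu", ".zorab"}
# Hypothetical words a ransom-note file name might contain (assumption, not from the campaign).
NOTE_NAME_HINTS = ("readme", "restore", "decrypt", "how_to")


def scan_tree(root):
    """Return (renamed_files, note_files, total_files) found under root."""
    renamed, notes, total = [], [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        total += 1
        suffixes = [s.lower() for s in path.suffixes]
        # "report.docx.djvu": the original extension precedes the appended one.
        if len(suffixes) >= 2 and suffixes[-1] in RANSOM_EXTENSIONS:
            renamed.append(path)
        elif suffixes == [".txt"] and any(h in path.stem.lower() for h in NOTE_NAME_HINTS):
            notes.append(path)
    return renamed, notes, total


def assess(root, min_hits=3, min_ratio=0.2):
    """Flag the tree when enough renamed files appear, backed by a high ratio or a ransom note."""
    renamed, notes, total = scan_tree(root)
    ratio = len(renamed) / total if total else 0.0
    suspicious = len(renamed) >= min_hits and (ratio >= min_ratio or bool(notes))
    return {"hits": len(renamed), "notes": len(notes), "total": total,
            "ratio": round(ratio, 2), "suspicious": suspicious}


def build_demo_tree():
    """Constructed sample tree: clean files, renamed files, one note, one legitimate .djvu."""
    root = Path(tempfile.mkdtemp(prefix="forgotten_demo_"))
    for name in ("photo.jpg", "notes.txt", "budget.xlsx"):
        (root / name).write_bytes(b"clean content")
    for name in ("thesis.docx.djvu", "invoice.pdf.djvu", "backup.zip.zorab", "scan.jpg.zorab"):
        (root / name).write_bytes(b"\x00\x01ciphertext")
    (root / "_readme.txt").write_text("constructed note: files encrypted, pay to restore")
    (root / "paper.djvu").write_bytes(b"AT&TFORM")  # real DjVu document, must not count as a hit
    return root


if __name__ == "__main__":
    print(assess(build_demo_tree()))
```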
How to protect yourself from the "Forgotten" malvertising campaign? Security researchers at Malwarebytes offer some advice:
- Update your browsers and plugins to the latest versions to close known vulnerabilities.
- Use antivirus software and ad blockers to prevent malicious code from being downloaded and executed.
- Regularly back up your files to external media or cloud services so you can restore them in case of infection.
- Do not pay a ransom to attackers, but contact @fbi_gov specialized file decryption services, such as No More Ransom or Emsisoft.