This strain attempts to install ransomware with poisoned ads on New York Times, BBC, AOL and NFL to name a few of the big websites hit around the 16th of March.
The infected advertisements when loaded on a web page load scripts from a different web server which then attempts to find security holes including flash player, silverlight and other rich-media technologies commonly found in advertisements.
Once a security hole is discovered it is exploited to then install the ransomware on the computer and encrypt all user data on the PC rendering it useless until a ransom is paid in bitcoins. This method of attack has become increasingly popular with cybercriminals and has surpassed the spread of other threats over trojan and adware methods of infection.
As expected, the attack vector used by ransomware criminals has spread from the email attachment to potentially more sophisticated methods of distribution.
Tips to keep your risk of infection by this type of ransomware to a minimum include:
- Ensure that all service packs and security updates are applied especially for Windows. If you are on Windows 7 or older consider upgrading to Windows 10.
- Uninstall Flashplayer, Java and Silverlight if you are not needing it for any specific reason.
- Use a trusted ransomware prevention tool such as Cryptoprevent.
- Consider using an adblocker either directly on your web browser or as a part of your network.