Hacked Ad Server Pushed Ransomware – Report

Ransomware is a clear and present threat to many businesses, but now a threat analyst has warned of another attack vector the malware can exploit, rather than the usual phishing route.

Researcher nao_sec warned that the Sodinokibi ransomware is now being distributed through malvertising that leads to the RIG exploit kit.

Malvertising campaigns traditionally place malicious or malware-laden advertisements among seemingly legitimate online adverts. But now some of these compromised adverts can lead to ransomware attacks.

PopCash server

Speaking to the security website BleepingComputer.com, Nao_sec said the compromise was done via “advertisements on the PopCash ad network that redirected users to the exploit kit based on certain conditions.”

Essentially PopCash is a very popular video converter site. So when visitors come to the site to convert their videos, the ad server would reportedly load the exploit kit.

This was done by the ad server offering up a fake GIF file that contained JavaScript that would redirect the user to the exploit kit gate.
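A defender-side check for the fake-GIF delivery described above, added here as an illustration and not taken from the report or from nao_sec's analysis: it flags responses served as GIFs whose bodies are not GIF data or carry script. The function name, finding labels, marker list and sample responses are constructed assumptions.

```python
import re

GIF_MAGIC = (b"GIF87a", b"GIF89a")  # the only valid GIF signatures
# Script constructs that have no place in a file served as an image (assumed list).
SCRIPT_MARKERS = re.compile(
    rb"<script|location\.(?:href|replace|assign)|document\.write|eval\s*\(",
    re.IGNORECASE,
)

def printable_ratio(body):
    """Fraction of bytes that are printable ASCII or common whitespace."""
    if not body:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in body) / len(body)

def inspect_gif_response(url, content_type, body):
    """Return findings for one HTTP response that claims to be a GIF."""
    path = url.lower().split("?", 1)[0]
    claims_gif = path.endswith(".gif") or content_type.lower().startswith("image/gif")
    if not claims_gif:
        return []  # out of scope: the response does not present itself as a GIF
    findings = []
    if not body.startswith(GIF_MAGIC):
        findings.append("no-gif-header")
    if SCRIPT_MARKERS.search(body):
        findings.append("script-content")
    if printable_ratio(body) > 0.9:  # real image data is mostly binary
        findings.append("mostly-text")
    return findings

# Constructed sample responses (not captured traffic).
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!\xf9\x04"
            b"\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
FAKE_GIF = b"var u='https://gate.example.invalid/';window.location.replace(u);"
POLYGLOT = b"GIF89a=1;window.location.href='https://gate.example.invalid/';"

def scan_samples():
    """Run the check over the constructed samples and return findings per sample."""
    samples = {
        "real": ("https://ads.example.invalid/banner.gif", "image/gif", REAL_GIF),
        "fake": ("https://ads.example.invalid/pixel.gif?id=1", "image/gif", FAKE_GIF),
        "polyglot": ("https://ads.example.invalid/a.gif", "image/gif", POLYGLOT),
    }
    return {name: inspect_gif_response(*resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, findings or "clean")
```

The polyglot sample shows why the header check alone is not enough: a body can begin with a valid GIF signature and still parse as script.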

Nao_sec reportedly demonstrated how the exploit kit infected a Windows machine in an Any.run session.

A video of the Sodinokibi ransomware being installed by malvertising was also shown by BleepingComputer.com, which warned that the Sodinokibi ransomware is poised to be a big player in the ransomware space.

“Malware spread through advertising or ‘malvertising’ is a concern as it can occur on any site, even reputable ones if they do not have processes in place to monitor or filter the type of ads that are displayed,” said Javvad Malik, security awareness advocate at KnowBe4.

“However, this is far more common on non-mainstream sites,” said Malik. “Users should always exercise some caution in ensuring they visit reputable sites, particularly where processing anything like videos or photos.”

“An ad-blocker can also help protect users by preventing ads from showing altogether,” Malik added. “Although, this raises separate issues and website owners usually object to ad-blockers as it can impact their revenue. This is a good real-world example of how not investing in cyber security can have very material consequences for website owners and their visitors.”

Ransomware threat

The threat posed by ransomware is very real at the moment, with many businesses and other organisations suffering attacks.

Earlier this week a second city in the United States opted to pay hackers after their IT infrastructure was devastated by a ransomware attack.

Lake City in Florida took the decision to pay the hackers $500,000 (£394,000) to free up their computers.

It comes after another city in Florida (Riviera Beach City) voted unanimously to pay $600,000 to hackers who took over their computer systems via a ransomware attack four weeks ago.

This means that these two cities in Florida alone have now paid hackers $1.1m in total, setting a terrible example to the rest of the world.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
