Seems like news of major cyber-attacks comes so regularly now that it mostly falls on deaf ears.
Just last week there was a major outbreak during which criminals hijacked ads on AOL’s advertising network and served up malware to visitors of such sites as Huffington Post, WeatherBug and GameZone among others. The attack was spotted and “fixed” within two days (an eternity when exposing millions to malware).
Two things about this attack that you need to be aware of;
First, the malware that is being distributed is a variant of ransomware. Once infected the malware encrypts certain files on your network then offers to decrypt them if you pay a fee. The encryption being used is no joke – once encrypted you will NOT get the data back. Your only option is to pay up (not recommended) or restore from backup (you do have an awesome backup that is tested regularly… right?)
Second, the way that this malware attacks is via a vulnerability in Adobe Flash. So, even if your operating system, ex: Windows, is fully patched and you have an up-to-date virus scanner you are STILL exposed to this type of attack.
We’ve seen these type of attacks growing in frequency and sophistication, so word to the wise;
- Test your backups – have your IT Vendor do a fire drill and recover data to prove it is working as planned.
- Patch Everything – don’t stop at just patching your operating system, patch all common applications.
More info can be found here.