Recently, however, some of the tactics have gotten a bit more vicious and aggressive. A new set of malware is attacking users the instant they visit a compromised website. The worst part: it doesn’t even try to hide it from you! The second the malware installs, it encrypts your files, locks them away, and demands you pay hundreds in Bitcoin just to get them back. This hostile type of attack — called “ransomware” — is a serious problem. It’s so dangerous, in fact, that entire hospitals in Europe were shut down by a particularly nasty version. If you’re not careful, visiting a site hosting this malware can cause you to lose all your files, money, or worse. We’re breaking down the details on this frightening threat, and what you can do to steer clear of this aggressive group of hackers.
How are hackers locking up people’s files?
If you remember the WannaCry attacks of 2017, you already know how ransomware works. Essentially, ransomware is a piece of software that installs itself on your computer, locks all your files with a passcode, and demands you pay money to an unknown party in order to regain access. Not only does this hurt people who need the files for work and life reasons, but it can also devastate the bank accounts of those who pay, and it enriches the hackers in the process. The impact of WannaCry was so strong that the U.K.’s National Health Service had to turn away non-critical emergencies at the doors of its hospitals. Entire filesystems inside the hospitals were locked or shut down due to the hack. Authorities in the U.S. later declared that North Korea was responsible for the hack, as well as the deployment of the virus into the wild.
For this recent string of ransomware attacks, however, the perpetrators do not appear to be a nation-state of any kind. Instead, experts at Malwarebytes, an antivirus developer, are pinning responsibility on a group of hackers called ShadowGate. This isn’t the first time they’ve used this line of attack, and the current string of ransomware is actually a modified version of older code they’ve used. The attack works by exploiting vulnerabilities found in outdated versions of the Flash video player, a notoriously vulnerable medium for malware. By running the code inside a fake JavaScript file, the hackers can inject the virus into your computer when you visit an infected website — no downloads required!
What can I do to protect myself against ShadowGate?
Right now, analysts are still studying the widespread impact of this particular chain of attacks. They’ve managed to confirm one website, onlinevideoconverter[.]com, was compromised by ShadowGate and used to spread malware to visitors. Researchers are still looking for other websites that may be compromised.
To keep your computer safe, the best defense you can have is updated software. This means your web browser, extensions, operating system, antivirus, and everything in between should be updated to the latest version. Official software updates tend to contain security patches and exploit fixes that keep users safe from harm, so keeping the latest editions of software on your device can immunize you against the most common threats on the net.
One slightly comforting thing, ironically, is the fact that it’s very easy to know if you’ve been infected by ShadowGate’s ransomware. Once it’s on your system, the software activates quickly — with an alert that tells you your files have been locked. If you haven’t seen any alert of this kind, you’re in the clear. The fact that you’re here on Komando.com rather than staring at a creepy alert is a good sign, in this case.
Just make sure to stick to familiar websites while surfing the net. A careless click on an errant link can send you spiraling into digital oblivion. On top of this, try not to click unusual links shared with you by friends, contacts, or strangers. Even if you know the other party, their accounts may have been compromised to use as a malware vector. So long as you tread cautiously, you should be able to ride out the storm at its worst. Always be vigilant, and never click on strange links. These are two of the most important lessons anyone can learn on the internet.
For extra protection, one of the best things you can do is back up your files to a cloud-based storage system. The files aren’t even stored on your system — which immunizes you against ransomware!