Cryptowall Ransomware Delivered Through Google Drive
July 3, 2015

In this campaign Google Drive is used as the delivery vector for CryptoWall ransomware. A dropper hosted on the Google Drive platform is delivered to the victim, and that dropper in turn fetches and runs CryptoWall from a long list of compromised websites.

More than 80 compromised web pages carry malicious scripts that redirect visitors to a small set of dedicated domains used in this campaign. These domains host the commercial RIG exploit kit, which abuses vulnerabilities in the Java JRE, Adobe Reader, Internet Explorer and Flash Player. If the victim's computer is not running the latest versions of this software, the exploit kit drops a file that contacts a series of predefined Google Drive URLs (web links).

The dropper fetched from those Google Drive URLs (resume.zip, containing my_resume_pdf_id-4535-4553—293.scr, a Windows screensaver executable posing as a PDF résumé) is then executed. It connects to a series of compromised web pages, from which the main CryptoWall 3.0 component is downloaded and run. In total, 45 compromised websites serve as the delivery platforms.
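The dropper above relies on a classic trick: an executable (.scr) inside a zip, named so it reads as a PDF résumé. As an added example that is not part of the original article, the following Python check inspects a zip attachment for members that look like disguised executables, by extension, by document-like keywords in an executable's name, and by the PE magic bytes in the member content. The archive is constructed inline and only mirrors the filenames reported in the article; the extension list and keyword list are assumptions for illustration.

```python
"""Flag executable payloads hiding in zip attachments under document-like names.

Added example (not from the original article or from any vendor tool). The
archive and member contents are constructed inline; the member name follows
the dropper name reported in the article (resume.zip -> my_resume_pdf_id-4535-4553—293.scr).
"""
import io
import re
import zipfile

# Windows extensions that run as code when double-clicked. .scr (screensaver)
# is a renamed PE executable and is the extension this dropper used.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf",
}

# Words that make a filename look like a harmless document (assumed list).
DOCUMENT_HINTS = re.compile(r"(pdf|docx?|xlsx?|resume|cv|invoice)", re.IGNORECASE)


def suspicious_members(zip_bytes):
    """Return (member_name, reasons) for each member that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = name[name.rfind("."):].lower() if "." in name else ""
            stem = name[: len(name) - len(ext)]
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
                if DOCUMENT_HINTS.search(stem):
                    reasons.append("document keyword in the name of an executable")
            # PE files start with 'MZ' no matter what the extension claims,
            # so this catches renamed executables the extension check misses.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    reasons.append("member content starts with PE magic (MZ)")
            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample_archive():
    """Constructed sample: a dropper-style archive plus one benign text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Constructed stand-in for the .scr: just the PE magic and padding.
        zf.writestr("my_resume_pdf_id-4535-4553—293.scr", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text, nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in suspicious_members(build_sample_archive()):
        print(member)
        for reason in why:
            print("  -", reason)
```

Run against a real attachment by passing the file's bytes to `suspicious_members`. The content check matters most: a renamed executable with a `.pdf` extension still starts with `MZ`, while the extension checks alone would wave it through.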

CryptoWall encrypts a wide range of data files on the local hard drive and on any network drives it can reach, using a 2048-bit RSA key, so the files cannot be recovered without the attackers' private key.

[Image: CryptoWall 3.0 ransom message]

In this case the infection slips past most endpoint security solutions because of its delivery method: the dropper is hosted on a trusted service (Google Drive) and the payload on otherwise legitimate, compromised websites.

CryptoWall 3.0 is regarded as a highly advanced piece of malware. It is a variant of CryptoLocker, whose infrastructure was taken down by security companies and state agencies around the world. CryptoWall 3.0 appeared at the beginning of this year and has featured in at least three major campaigns since.

What makes CryptoWall 3.0 especially dangerous is that it is polymorphic (see Definition below), which lets it evade signature-based detection and frustrates takedown attempts.


Definition

Polymorphic – in the case of malware, code that mutates while keeping its original algorithm intact. The code changes its own form each time it runs or is repackaged, but its function does not change, so a signature written for one instance misses the next.
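To make the definition concrete, here is a toy polymorphic wrapper added for this article (not code from CryptoWall or from the article's sources). A harmless byte string stands in for the payload; each generated variant XORs it with a fresh random key and prefixes random junk, so every variant has a different SHA-256 and does not contain the plaintext "signature", yet the small decoder routine recovers exactly the same payload every time. Real engines also mutate the decoder stub itself, which this illustration leaves fixed.

```python
"""Toy illustration of polymorphism: one payload, different bytes every generation.

Added example for this article; not CryptoWall code. The "payload" is a
constructed harmless string and the mutation is a random one-byte XOR plus
random junk padding. Layout of a variant: [key][junk_len][junk ...][payload ^ key]
"""
import hashlib
import os

# Constructed stand-in for the malware's real logic; a byte-exact signature
# for it would be the string below.
PAYLOAD = b"encrypt_files_and_show_ransom_note"


def generate_variant(payload=PAYLOAD):
    """Produce a freshly mutated blob that decodes back to `payload`."""
    key = os.urandom(1)[0] or 1            # never 0: XOR with 0 leaves the payload readable
    junk = os.urandom(8 + os.urandom(1)[0] % 8)   # 8..15 random bytes, so no two variants collide
    body = bytes(b ^ key for b in payload)
    return bytes([key, len(junk)]) + junk + body


def run_variant(blob):
    """The decoder stub: skip the junk and undo the XOR, recovering the original payload."""
    key, junk_len = blob[0], blob[1]
    body = blob[2 + junk_len:]
    return bytes(b ^ key for b in body)


def signature_matches(blob, signature=PAYLOAD):
    """What a naive byte-signature scanner does: look for the known payload bytes verbatim."""
    return signature in blob


def variant_hashes(n=5):
    """Generate n variants, check each still decodes to PAYLOAD, and collect their hashes."""
    hashes = set()
    for _ in range(n):
        blob = generate_variant()
        if run_variant(blob) != PAYLOAD:
            raise RuntimeError("decoder failed: behaviour must not change between variants")
        hashes.add(hashlib.sha256(blob).hexdigest())
    return hashes


if __name__ == "__main__":
    for h in sorted(variant_hashes()):
        print(h)   # five distinct hashes, all from functionally identical variants
    print("naive signature hit:", signature_matches(generate_variant()))
```

The point for defenders follows directly: hash lists and byte signatures built from one sample do not carry over to the next variant, which is why detection of such malware leans on behaviour (mass file renames and encryption, contact with the drop sites) rather than on the bytes of the dropped file.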


Source

1.  Heimdal Security.

2.  MalwareTips (image, CryptoWall message)


Recommendation

1.  Be careful which websites you access, and be aware that popular services such as Google Drive can be abused, as in this campaign.

2.  Never click on links in e-mails from people you don't know.

3.  Always back up your most important data, both in the cloud and on an external media device, and keep the external copy disconnected when not in use, since CryptoWall also encrypts any network or attached drives it can reach (this point cannot be stressed enough).

4.  Since most infections are delivered through the browser, harden its security settings for safe browsing; in particular, disable or set to click-to-play the plugins this exploit kit targets (Java, Flash Player, Adobe Reader) if you do not need them.

5.  Always keep the operating system and software up to date. Known security holes in unpatched software are exactly what exploit kits such as RIG rely on.