The threat actors behind the campaign used a drive-by download tactic to deliver the CryptoWall ransomware. The experts discovered that the attack was delivered via the Zedo ad network and originated from the following five Alexa top-ranked domains:
With the above scheme, the attackers drop an instance of the CryptoWall ransomware on the victim's system; below are the details of the digital signature used for the malicious code. Digitally signing malware allows attackers to improve their evasion techniques, since many defenses treat a signed binary as more trustworthy than an unsigned one.
Initially, the VirusTotal detection rate for this variant of the CryptoWall ransomware was zero; it improved after further analysis, but at the time of writing it is still low, just 24 out of 51, which makes this threat very insidious.
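Because a signature on a dropped binary says nothing about who signed it or why, a useful triage step is to locate the embedded Authenticode blob and treat it as evidence to examine rather than as proof of trust. The following added example (not code from the article or from any of the parties it describes) parses the PE security data directory to report whether a sample carries a PKCS#7 signature blob and where it lives; the minimal PE image it builds is constructed purely to exercise the parser, and it does not validate the signature chain, which requires cryptographic verification against a trust store.

```python
import struct

SECURITY_DIR = 4                         # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 blob

def authenticode_info(pe: bytes) -> dict:
    """Report whether a PE image carries an embedded Authenticode blob (presence only)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # skip COFF file header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                            # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                          # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", pe, ndirs_off)[0] <= SECURITY_DIR:
        return {"signed": False, "reason": "no security directory"}
    # Unlike other directories, this entry holds a raw file offset, not an RVA.
    off, size = struct.unpack_from("<II", pe, dirs_off + 8 * SECURITY_DIR)
    if off == 0 or size < 8 or off + size > len(pe):
        return {"signed": False, "reason": "security directory empty or out of bounds"}
    length, _rev, cert_type = struct.unpack_from("<IHH", pe, off)   # WIN_CERTIFICATE header
    return {"signed": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
            "offset": off, "blob": pe[off + 8: off + min(length, size)]}

def build_minimal_pe(with_signature: bool) -> bytes:
    """Constructed, non-runnable PE32 image used only to exercise the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 96 + 16 * 8
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    blob = b"\x30\x82\x00\x00"   # constructed placeholder, not a real PKCS#7 structure
    sig_off = len(dos) + 4 + len(coff) + opt_size
    if with_signature:
        dirs[SECURITY_DIR] = (sig_off, 8 + len(blob))
    pe = dos + b"PE\0\0" + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs)
    if with_signature:
        pe += struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
    return pe

if __name__ == "__main__":
    for flag in (True, False):
        print(authenticode_info(build_minimal_pe(flag)))
```

The returned blob is the raw PKCS#7 structure; feeding it to a verifier such as `signtool` or `Get-AuthenticodeSignature` (or extracting the signer certificate) is the step that turns "signed" into a fact about the signer.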
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and of the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker (EC-Council, London). His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US.
Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".