New ransomware campaign pilfers passwords before encrypting gigabytes of data
A new wave of crypto ransomware is hitting Windows users courtesy of poorly secured websites. Those sites are infected with Angler, the off-the-shelf, hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack.
The latest round is especially nasty because before encryption, the drive-by attacks first use malware known as Pony to harvest any login credentials stored on the infected computer, according to a blog post published by a firm called Heimdal Security.
To consider just how insidious attacks like these are, consider this: earlier this week, Ars reported that theReader’s Digest website was actively infected by Angler. A reader promptly replied that someone in his organization had visited the site in early November—four weeks before the article was published—and was infected by CryptoWall after reading an article. The target’s only mistake, it seems, was failing to update one of several apps.