Ransomwares have struck again! This time, the target cum conduit was Adobe Systems Inc. Apparently, a security flaw in the company’s popular, flash software was being exploited to deliver ransomware to Windows PCs. The company has issued an emergency update to flash to take care of the issue.
The attacks are taking the form of a drive by and can be caused by visiting tainted websites. So if you are happily browsing away and happened to chance upon one of those websites, you could very well end up being infected by a ransomware, which would then make it merry way to your computer via a bug in adobe’s flash software.
As for what they are capable of, ransomware encrypt all the data on your PC, effectively locking it up. The attackers then demand hard cash in lieu of unlocking the device. Each attack could thus leave your pockets lighter by anywhere between$200 to $600.
And the ransomware-ers are playing some pretty deep, psychological games as well. For example, did you know that a bug called Cerber actually reads the note aloud in order to scare its victims and ensure a prompt ransom.
What is making these attacks even more dangerous is the fact that hackers have begun getting their hands upon zero days vulnerabilities. These loopholes, that until now were known only to governments and high powered corporations — that used it for espionage and stuff — are now being traded and exploited to produce such attacks.
Meanwhile, Adobe has plugged the gap with the update and requested the more than 1 billion users of Flash on all the different platforms, to update their product as quickly as possible.
The flaw was being actively exploited on systems running Windows with Flash Player version 220.127.116.116 or earlier and considering that the Player is widely used for watching videos, animations and other multimedia on web pages and elsewhere, the attack has a lot of potential victims.
In a security bulletin, it said,
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Meanwhile, you can verify the version of Adobe Flash Player installed on your system by either accessing the About Flash Player page, or by right-clicking on content running in Flash Player and selecting “About Adobe Flash Player” from the menu.
You can know more about the problem and fix it by visiting the Adobe security page and downloading the updates to your system.