Cybersecurity researchers have discovered a very sophisticated Exploit Kit that is targeting countries in the Asia-Pacific region to deliver ransomware via malvertising, which is the spread of malware through online advertisements.
Exploit kits are automated threats that utilise compromised websites to divert web traffic, scan for vulnerable browser-based applications, and run malware.
Called 'Magnitude EK', the constantly evolving Exploit Kit uses its own ransomware as its final payload.
The ransomware comes with a temporary encryption key and a list of domain names, and the attackers change them frequently, according to the cybersecurity firm Kaspersky.
The Magnitude EK switched to an exploit for the more recent vulnerability 'CVE-2019-1367' in an outdated web browser; the vulnerability was originally discovered as a zero-day exploited in the wild. The Magnitude EK has been using it as its primary exploit since February 11, 2020.
"Zero day vulnerabilities are very risky for businesses, critical infrastructures, government and financial institutions and consumers who are availing themselves to the exposed browser or networks," said Dipesh Kaura, General Manager for South Asia, Kaspersky.
Magnitude EK is one of the longest-standing exploit kits. It was on offer in underground forums from 2013 and later became a private exploit kit.
The ransomware delivered by 'Magnitude EK' doesn't encrypt the files located in common folders such as documents and settings, app data, local settings, sample music, tor browser, etc.
Before encryption, the extensions of files are checked against a hash table of allowed file extensions that contains 715 entries.
A ransom note is left in each folder with encrypted files, and at the end a notepad.exe process is created to display the ransom note.
After encryption, the ransomware also attempts to delete backups of the files, said the researchers.
"Storing back-up for important data is a basic step that needs to be taken especially by enterprises and government institutions in order to fight against attacks like ransomware," said Kaura.
The implementation of the Magnitude EK technique in its latest variant was an interesting discovery.
Attacks by Exploit Kits have decreased over the years but they still exist, are still active and pose a threat.
"Although Exploit Kits may be less rampant today, they prove to be actively maintained and ever-evolving, which remains a threat to users," added Boris Larin, Senior Security Researcher, Russia, Kaspersky.