If these universities had run an ad blocker they might have been saved from ransomware attack

Are you running an ad blocker yet?

Earlier this month a number of British universities, including University College London and Ulster University, reported that their systems had been hit hard by a ransomware attack.

Although initially it was thought likely that the attacks had entered the universities' servers via poisoned emails (it's very normal to see ransomware being spread via malicious email attachments), it transpires that the actual vector for infection was malvertising instead.

More details can be found in this technical article by researchers at Proofpoint, who believe that an AdGholas drive-by malvertising campaign helped infect the universities with the Mole ransomware, taking advantage of an exploit kit.

Mole ransomware message

Malvertising - or malicious advertising - sees poisoned adverts placed on legitimate websites. You surf to the website on a vulnerable computer, and you could have your computer infected just by browsing the page containing the ad. It's important to realise that you don't need to click on a malicious ad to be infected by it.

Many sites, including some very famous ones, have suffered from malvertising being used to spread attacks to their visitors in the past - and it seems that advertising networks continue to struggle to keep poisoned ads out of their stream.

My answer to this? Well, obviously you should keep your computers up-to-date with security patches and the latest anti-virus software, but you should also strongly consider running an ad blocker.

An ad blocker will prevent ads from appearing in your browser. It means that your browsing will not only be faster and more private (unscrupulous advertisers are known to track your movements online), but also safer.

Of course, running an ad blocker doesn't help those sites which are trying to earn a buck through the ads that they plaster over their sites. If you want to support the sites you love, investigate whether you can help them in other ways - such as paying a subscription which offers no ads, or encouraging companies to sponsor the site.

Until advertising networks manage to clean up their act, and stop distributing ads that put our privacy and security at risk, I can't advocate anyone going on the internet without an ad blocker.

5 Responses

  1. drsolly

    June 23, 2017 at 7:53 pm #

    Until the ad agencies find a way to eliminate malvertising, an increasing number of people will be running ad blockers. And I don't see any ad agency announcing any actions.

  2. Rob

    June 23, 2017 at 8:31 pm #

    Agree! We have deployed Adblock Plus via their free "large scale deployment" program for sys admins, and it worked really well.

  3. Crawdad

    June 25, 2017 at 10:33 pm #

    Adblockers aren't a security tool. They may stop an ad from complete rendering, but in some situations the code executes (w/o seeing the creative) and plenty of companies pay to have their ads whitelisted. For fun, I take screenshots of ads rendering when ABP is turned on. Good times.

  4. Mark Jacobs

    June 26, 2017 at 10:45 am #

    The poll is not working. I get this error :-

    Uncaught Error: Syntax error, unrecognized expression: #dyamar_poll_https://www.grahamcluley.com/universities-run-ad-blocker-might-saved-ransomware-attack/# .dyamar-poll-content
    at Function.fa.error (jquery.js:2)
    at fa.tokenize (jquery.js:2)
    at fa.select (jquery.js:2)
    at Function.fa (jquery.js:2)
    at Function.a.find (jquery-migrate.min.js:1)
    at n.fn.init.find (jquery.js:2)
    at n.fn.init.a.fn.find (jquery-migrate.min.js:1)
    at a.fn.init.n.fn.init (jquery.js:2)
    at a.fn.init (jquery-migrate.min.js:1)
    at n (jquery.js:2)

    • Graham Cluley in reply to Mark Jacobs.

      June 26, 2017 at 10:51 am #

      Odd. It was working for me when I first published the article. I will remove the poll from this article until I have managed to investigate further. Thanks
