A Malvertising Campaign that Infects PCs with Mole Ransomware

Malvertising campaigns have taken the world by storm in the last few years, affecting hundreds of thousands of people all over the world.

Ransomware is a phenomenon that has been troubling our world significantly. It is a form of malware that encrypts data stored on a PC or shared across networks.

By its very nature, ransomware aims to block access to personal or company data, and the perpetrator threatens to sell, delete or publish the data unless a ransom is paid.

In the current online world, data is everything, and so virtual attacks are being carried out to extort it.

Over the years, ransomware has been spread through malvertising campaigns.

Malvertising is the use of online advertisements to spread malware, with the intention of infiltrating and infecting computers and networks.

Several companies and organizations have been affected due to the rise of these malicious attacks.

While some have paid their way out of their predicaments, most have been bold enough to stand their ground and not negotiate with these online criminals.

With increasing reports of such attacks happening, organizations all over the world are preparing themselves to safeguard their precious data by utilizing cutting-edge online security programs.

The History of Ransomware

Ransomware has been around since 1989, but its application and usage increased exponentially only over the last few years.

It was first known as AIDS or the PC Cyborg Trojan, and it was spread initially through floppy disks.

Once the floppy was inserted, it latched on to the system and encrypted the data to prevent it from being accessed by the owner of the system.

The owner would then receive a message on their PC telling them to make a payment to a P.O. Box in Panama, so as to regain access to their data.

While the essence of this ransomware still remains the same, it has evolved into a much more powerful beast.

The earlier version used basic cryptography, merely altering the names of files and such.

Most often, rebooting the system used to solve the issue. Today, however, criminals use far more advanced cryptography to encrypt files and completely shut down access.

In 2013, a ransomware called CryptoLocker was released and wreaked widespread havoc, infecting a number of computers in multiple locations.

Out of all the individuals affected, about 41 percent claimed that they were on the verge of paying the ransom, but only about 1.3 percent actually paid up.

The perpetrators were estimated to have extorted around $3 million from CryptoLocker.

Criminals, however, started developing more advanced malware, and this paved the way for the creation of Locky.

Remembered as one of the most notorious forms of ransomware, it terrorized organizations all over the world.

What made Locky more terrifying was the fact that its operators kept updating it so as to evade detection by the latest security programs.

The Rise of the Mole Ransomware

In April 2017, a malicious spam campaign rocked the world and introduced the Mole ransomware.

Security researchers gave the ransomware this name because it encrypts files and changes their extension to .MOLE.

These first ransomware attacks were delivered by spam emails posing as United States Postal Service notices, with links leading to fake Microsoft Word sites that asked users to install the malware disguised as a plugin.

A recent ransomware attack was made on several United Kingdom universities through a widespread malvertising campaign.

This particular ransomware has the ability to infiltrate the systems of users who merely visited websites carrying the malicious Mole ads.

[Image caption: The malicious spam campaign introduced the Mole ransomware]

It has also been linked to the AdGholas group, who are well-known malvertising purveyors.

Although earlier statements by security staff at University College London suggested that the malware entered their network through phishing emails, later updates state that the attack might instead have come from users visiting a compromised website.

Windows users were largely affected by the attack, but no such issues have been reported for Mac or Linux users.

However, UCL has reported that all of their services have returned to normal and all of their storage and shared drives have been restored.

Who Was Affected?

While the universities were certainly the highest-profile targets, this ransomware campaign had broader ambitions as it affected users from several countries.

The attack spread so easily because users didn't even need to click on the ads for the ransomware to enter their systems.

The mere display of these ads was enough: if the targeted machine was vulnerable, the infection occurred without any interaction from the user.
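As an added defensive illustration (not code from the original article), here is a small Python check that flags a host when several files are renamed to the .MOLE extension within a short window, the one indicator the article names. The log format, host names, paths and thresholds are constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed file-event log: host, ISO timestamp, action, old path, new path.
SAMPLE_EVENTS = """\
ws-01 2017-06-14T10:02:01 RENAME C:\\Users\\a\\Docs\\report.docx C:\\Users\\a\\Docs\\report.docx.MOLE
ws-01 2017-06-14T10:02:02 RENAME C:\\Users\\a\\Docs\\budget.xlsx C:\\Users\\a\\Docs\\budget.xlsx.MOLE
ws-01 2017-06-14T10:02:03 RENAME C:\\Users\\a\\Pics\\holiday.jpg C:\\Users\\a\\Pics\\holiday.jpg.MOLE
ws-01 2017-06-14T10:02:04 RENAME C:\\Users\\a\\Pics\\dog.png C:\\Users\\a\\Pics\\dog.png.MOLE
ws-01 2017-06-14T10:02:05 RENAME C:\\Users\\a\\Docs\\notes.txt C:\\Users\\a\\Docs\\notes.txt.MOLE
ws-02 2017-06-14T10:05:00 RENAME C:\\Users\\b\\old.txt C:\\Users\\b\\old.bak
ws-02 2017-06-14T11:30:00 RENAME C:\\Users\\b\\x.doc C:\\Users\\b\\x.doc.MOLE
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\w+) (\S+) (\S+)$")


def parse_events(text):
    """Parse the constructed log format into (host, timestamp, action, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        host, ts, action, src, dst = m.groups()
        events.append((host, datetime.fromisoformat(ts), action, src, dst))
    return events


def detect_mass_rename(events, ext=".MOLE", window=timedelta(seconds=60), threshold=5):
    """Return {host: burst_size} for hosts with >= threshold renames to `ext` inside `window`.

    A single renamed file is normal activity; a burst of them is the encryption
    pass the article describes, so we look at the densest window per host.
    """
    per_host = defaultdict(list)
    for host, ts, action, src, dst in events:
        if action == "RENAME" and dst.upper().endswith(ext.upper()):
            per_host[host].append(ts)
    alerts = {}
    for host, times in per_host.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[host] = best
    return alerts
```

In a real deployment the events would come from an EDR or file-audit feed, and an alert here is a cue to isolate the host quickly, since the encryption pass runs without any user interaction.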
