News

Locky Ransomware being Distributed through Fake Flash Player Update Sites

November 18, 2016

Fake Flash Player update sites have long been a favorite distribution method for adware and other unwanted programs. Today, a fake Flash update site that is pushing the Locky ransomware was discovered by ExecuteMalware. When someone visits the site, they are presented with a page stating that Flash Player is out of date, and the site then automatically downloads an executable. If you look carefully at the URL in the browser's address bar, you can see that the domain, fleshupdate.com, does not seem to be spelled right.

Fake Flash Update Web Page

The executable automatically downloaded by this site is named FlashPlayer.exe and includes a Flash Player icon, as seen below.

Flash Icon in Downloaded File

If you look at the properties of this file, though, things start to look strange.

Locky Installer Properties

If a user runs this program thinking that Flash will be updated, they will be in for a big surprise. Instead of a Flash Player update, they will be shown a Locky ransom note once the ransomware has finished encrypting their files.

Locky Ransom Note

The LockyDump information for the variant I tested is below. MalwareHunterTeam also saw a sample using an affiliate ID of 19, which as far as we know has not been previously seen.

[Screenshot: LockyDump output for the tested variant]

As you can see, it is not only attachments and exploit kits that push ransomware. Everyone needs to be vigilant and careful when browsing the web. Furthermore, program updates should only be downloaded from their main product sites rather than third-party sites where you have no idea what you are installing.
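One way to turn the two tells described above (a misspelled domain and an automatically downloaded FlashPlayer.exe) into a proxy-log check. This is an added example, not code from the original article; the log format, the URL paths, the vendor allowlist and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

VENDOR_DOMAINS = {"adobe.com", "macromedia.com"}  # assumed allowlist of vendor domains
EXEC_EXT = (".exe", ".msi", ".scr")

# Constructed proxy log (assumed format): timestamp client method url status
SAMPLE_LOG = [
    "2016-11-18T09:14:02Z 10.0.0.5 GET http://fleshupdate.com/FlashPlayer.exe 200",
    "2016-11-18T09:15:40Z 10.0.0.7 GET https://get.adobe.com/flashplayer/install_flashplayer.exe 200",
    "2016-11-18T09:16:11Z 10.0.0.8 GET http://example.org/tools/putty.exe 200",
    "2016-11-18T09:17:30Z 10.0.0.5 GET http://fleshupdate.com/index.html 200",
    "2016-11-18T09:18:05Z 10.0.0.9 GET http://downloads.example.net/flash_player_update.exe 200",
]

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def resembles(text, keyword="flash", max_dist=1):
    # True if any substring is within max_dist edits of the keyword ("flesh" ~ "flash").
    text = re.sub(r"[^a-z]", "", text.lower())
    sizes = range(len(keyword) - max_dist, len(keyword) + max_dist + 1)
    return any(edit_distance(text[i:i + n], keyword) <= max_dist
               for n in sizes for i in range(len(text) - n + 1))

def registered_domain(host):
    # Naive "last two labels" rule (assumption); a public-suffix list is more accurate.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def flag_fake_updates(log_lines):
    findings = []
    for line in log_lines:
        _ts, client, _method, url, _status = line.split()
        parts = urlsplit(url)
        host = parts.hostname or ""
        filename = parts.path.rsplit("/", 1)[-1]
        if not filename.lower().endswith(EXEC_EXT):
            continue  # only executable downloads are of interest here
        if registered_domain(host) in VENDOR_DOMAINS:
            continue  # download came from the vendor itself
        if resembles(host) or resembles(filename):
            findings.append((client, host, filename))
    return findings
```

Words such as "splash" also fall within one edit of the keyword, so hits are triage signals to review rather than verdicts.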

Stay Frosty!

News Courtesy : http://www.bleepingcomputer.com/news/security/locky-ransomware-being-distributed-through-fake-flash-player-update-sites/
