Defending against Cryptowall ransomware
In recent weeks we have been dealing with incidents of ransomware. The ransomware used in all of those incidents was Cryptowall 4.0 and its variants.
Techniques used to exploit the organizations included:
- The compromise of sites that were categorized as non-malicious and allowed by the organization’s web filtering software
- The use of zero-day variants of the ransomware, so that existing anti-malware programmes did not detect or block them
In all cases, the attack vector on the end user's machine was an unpatched Adobe Flash plugin in the browser, which was exploited to install the malware.