Sign in / up

back to article UCL ransomware attack traced to malvertising campaign

Security researchers have suggested that the ransomware attack on University College London last week was spread through a "malvertising" campaign. Proofpoint reckons the AdGholas group spread the infection using malware-tainted online ads. This was a "zero-click required" campaign that could infect users who simply visited a …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Patching?

    Seems the vulnerabilities were patched in 2016.

    0 0 Reply
  2. Kevin Johnston

    Shocked

    I am shocked I tell you

    "happy to trade defence-in-depth strategies for single vendor reliance when moving to the cloud"

    Moving to the cloud fixes everything, this salesman showed me a report on the internet so it MUST be true

    11 0 Reply
  3. Joe Drunk
    Happy

    Ad blockers FTW!!!

    See title

    15 0 Reply
  4. TRT Silver badge

    Outlook Obscur-o-matic link checker...

    is more of a hinderance than a help. Completely obfuscates the original URL, so any user education about how to spot a dodgy link is lost.

    6 2 Reply
    1. Marc 13
      Reply Icon

      Re: Outlook Obscur-o-matic link checker...

      Not just Outlook but also ProofPoint's (mentioned a number of time in the article) own "URL defense" does exactly that too!

      3 0 Reply
  5. Pen-y-gors

    Footnote

    1 These compromised sites hosted an exploit kit that used software vulns to push malicious code onto the Windows PCs of visiting surfers, a common hacking and malware distribution technique.2

    2 unless those PCs are running up-to-date software and some decent up-to-date anti-malware software, like what any sensible user would.

    4 0 Reply
    1. Doctor Syntax Silver badge
      Reply Icon

      Re: Footnote

      unless those PCs are running ... some decent up-to-date anti-malware software adblocker

      3 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Footnote

      (2) .. that only affects computers already infected with Windows™

      2 0 Reply
  6. Bob Hoskins

    Not North Korea?

    Surprised the NSA haven't jumped on this yet.

    1 0 Reply
    1. EnviableOne
      Reply Icon
      Coat

      Re: Not North Korea?

      You sure its not Fancy Bear either?

      mines the one with "if in doubt, blame the russians" on the back

      0 0 Reply
  7. B*stardTintedGlasses

    From the name I would go ahead and try and pin attribution on House Tleilaxu.

    AdGhola campaign "Duncan Idaho"....

    5 0 Reply
  8. Anonymous South African Coward Silver badge

    Adblock time then.

    3 0 Reply
  9. NonSSL-Login
    Facepalm

    Drive-by malware downloads still a thing in 2017....

    Flash and Internet Explorer still the culprits...who would have guessed. /sarcasm

    3 1 Reply
  10. herman Silver badge

    Patching Microsoft security issues is like fixing a rusted sieve with chewing gum.

    4 1 Reply
  11. Ramis101

    How to stay safe on-line

    2 things everyone should use. Adblockplus and Noscript.

    You don't need an AV if the nasty can't get in in the first place

    0 0 Reply
  12. jbonifacino

    It really is a shame that so many organizations around the world wrongfully believe that legacy / reactive anti-virus software technology is sufficient in stopping 0-day malware & ransomware. Comodo has 90+ million endpoints protected and not one has been infected, even the CIA is calling it a PITA...

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like