back to article UCL ransomware attack traced to malvertising campaign

Security researchers have suggested that the ransomware attack on University College London last week was spread through a "malvertising" campaign. Proofpoint reckons the AdGholas group spread the infection using malware-tainted online ads. This was a "zero-click required" campaign that could infect users who simply visited a …

  1. Anonymous Coward
    Anonymous Coward


    Seems the vulnerabilities were patched in 2016.

  2. Kevin Johnston Silver badge


    I am shocked I tell you

    "happy to trade defence-in-depth strategies for single vendor reliance when moving to the cloud"

    Moving to the cloud fixes everything, this salesman showed me a report on the internet so it MUST be true

  3. Joe Drunk

    Ad blockers FTW!!!

    See title

  4. TRT Silver badge

    Outlook Obscur-o-matic link checker...

    is more of a hinderance than a help. Completely obfuscates the original URL, so any user education about how to spot a dodgy link is lost.

    1. Marc 13

      Re: Outlook Obscur-o-matic link checker...

      Not just Outlook but also ProofPoint's (mentioned a number of time in the article) own "URL defense" does exactly that too!

  5. Pen-y-gors Silver badge


    1 These compromised sites hosted an exploit kit that used software vulns to push malicious code onto the Windows PCs of visiting surfers, a common hacking and malware distribution technique.2

    2 unless those PCs are running up-to-date software and some decent up-to-date anti-malware software, like what any sensible user would.

    1. Doctor Syntax Silver badge

      Re: Footnote

      unless those PCs are running ... some decent up-to-date anti-malware software adblocker

    2. Anonymous Coward
      Anonymous Coward

      Re: Footnote

      (2) .. that only affects computers already infected with Windows™

  6. Bob Hoskins

    Not North Korea?

    Surprised the NSA haven't jumped on this yet.

    1. EnviableOne Silver badge

      Re: Not North Korea?

      You sure its not Fancy Bear either?

      mines the one with "if in doubt, blame the russians" on the back

  7. B*stardTintedGlasses

    From the name I would go ahead and try and pin attribution on House Tleilaxu.

    AdGhola campaign "Duncan Idaho"....

  8. Anonymous South African Coward Silver badge

    Adblock time then.

  9. NonSSL-Login

    Drive-by malware downloads still a thing in 2017....

    Flash and Internet Explorer still the culprits...who would have guessed. /sarcasm

  10. herman Silver badge

    Patching Microsoft security issues is like fixing a rusted sieve with chewing gum.

  11. Ramis101

    How to stay safe on-line

    2 things everyone should use. Adblockplus and Noscript.

    You don't need an AV if the nasty can't get in in the first place

  12. jbonifacino

    It really is a shame that so many organizations around the world wrongfully believe that legacy / reactive anti-virus software technology is sufficient in stopping 0-day malware & ransomware. Comodo has 90+ million endpoints protected and not one has been infected, even the CIA is calling it a PITA...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020