Adobe Issues Emergency Update to Flash After Ransomware Attacks

Adobe Issues Emergency Update to Flash After Ransomware Attacks
Adobe Systems Inc issued an emergency update on Thursday to its widely used Flash software for Internet browsers after researchers discovered a security flaw that was being exploited to deliver ransomware to Windows PCs.

The software maker urged the more than 1 billion users of Flash on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible after security researchers said the bug was being exploited in "drive-by" attacks that infect computers with ransomware when tainted websites are visited.

Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.

Adobe's new patch fixes a previously unknown security flaw. Such bugs, known as "zero days," are highly prized because they are harder to defend against since software makers and security firms have not had time to figure out ways to block them. They are typically used by nation states for espionage and sabotage, not by cybercriminals who tend to use widely known bugs for their attacks.

Use of a "zero day" to distribute ransomware highlights the severity of a growing ransomware epidemic, which has disrupted operations at a wide range of organizations across the United States and Europe, including hospitals, police stations and school districts.

Last week, the US and Canadian governments issued a warning about the growing threat as a ransomware attack shut down computer systems at MedStar Health, the largest hospital chain in the Washington, DC, area.

Ransomware schemes have boomed in recent months, with increasingly sophisticated techniques and tools used in such operations.

"The deployment of a zero day highlights potential advancement by cybercriminals," said Kyrk Storer, a spokesman for FireEye Inc, which helped analyse the vulnerability and attacks. "We have observed ransomware and crimeware deployed via 'zero-day' before; however, it is rare."

FireEye said that the bug was being leveraged to deliver ransomware in what is known as the Magnitude Exploit Kit. This is an automated tool sold on underground forums that hackers use to infect PCs with viruses through tainted websites.

Exploit kits are used for "drive-by" attacks that automatically seek to attack the computers of people who view an infected website.

Adobe said the issue was brought to its attention by researchers with FireEye, Alphabet Inc's Google and email security provider ProofPoint.

© Thomson Reuters 2016

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Adobe, Apps, Internet, Ransomware
FBI Director: Unlocking Method Works on 'Narrow Slice' of iPhones
Google Reportedly Mulling Bid for Yahoo's Core Business

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.
Listen to the latest songs, only on JioSaavn.com