Slashdot Mirror


US Toy Maker Maisto's Website Pushes Ransomware (pcworld.com)

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

26 comments

  1. Ransomware criminals should be executed by Anonymous Coward · · Score: 0

    It's a truly nasty crime to commit. Can anyone justify why criminals like the ones responsible for this story shouldn't receive the death penalty if convicted? I see no reason why the death penalty would be too harsh, given the crime.

    1. Re:Ransomware criminals should be executed by Anonymous Coward · · Score: 0

      There should be a game for every ransomware, involving decrypting the algorithm used and such. Caught ransomware developers must play this game for their lives, and in the end they must lose.

    2. Re: Ransomware criminals should be executed by slazzy · · Score: 2

      I don't believe anyone should get the death penalty. But definitely some good hard jail time for ransomware crooks.

      --
      Website Just Down For Me? Find out
    3. Re:Ransomware criminals should be executed by U2xhc2hkb3QgU3Vja3M · · Score: 0

      Death is too quick and easy. I say we never let them use or even touch anything with a processor inside.

      That means using a teller when going to the bank, having to use a bike or walk to go anywhere, not being able to use modern appliances, no cellphone, having to use a mechanical watch, not even be allowed to use a basic calculator, etc.

    4. Re:Ransomware criminals should be executed by Anonymous Coward · · Score: 0

      As long as the ransomware author is a white CIS male, you'd have many more left-wing extremists calling for his murder than right-wingers.

    5. Re: Ransomware criminals should be executed by dhalsim2 · · Score: 1

      I, too, am against capital punishment. I have absolutely nothing against corporal punishment though.

      "Get his ass whipped with 20 lashes like that dude up in Singapore"
      -- Ice Cube

  2. makes no difference by Anonymous Coward · · Score: 0

    there is no fundamental difference between a request for an ad banner and a request for a javascript based exploit injector.
    none at all. Just different payloads for same mechanism.

    at this time, /. attempts to make requests to
    googletag
    tag.crsspsl
    ntv.io
    cloudfront
    janrain.com
    taboola
    truste.com
    pro-market.net
    slashdotmedia anal-ytics

    And thats without running any js except from https://it.slashdot.org.
    What was my point again? I forget.
    Oh yeah. Ecmascript making http calls all over the place is bad and you should feel bad.
    Can't the greedy bastards (I mean highly valued advertising partners) data-mine access and error logs instead? Or do the access+error logs come at a premium? Oh screw it, I probably can't afford it anyway.

  3. Who's affected? by U2xhc2hkb3QgU3Vja3M · · Score: 1, Insightful

    The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

      So, only the stupid users then.

    1. Re:Who's affected? by An+dochasac · · Score: 4, Insightful

      The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

      So, only the stupid users then.

      And your arrogance ^, my friend, is the root of the problem. If we in the IT community are so much smarter than end users, why were telnet, ftp, smtp, http, Microsoft Windows, IoT... all designed without even the most basic considerations for security? Shouldn't an information appliance be designed so that a child, grandmother, astronaut or household pet is able to "click on" or view anything without damaging the information appliance, leaking personal details, or joining a botnet?

      The scum and script kiddies who write the ransomware are not rocket scientists. They're simply vandalizing a cyber-society where front and back doors are left unlocked. If we built cities as we build software, the first woodpecker would destroy civilization.

    2. Re:Who's affected? by U2xhc2hkb3QgU3Vja3M · · Score: 1

      It's not arrogance, it's knowledge. I do try to educate people around me about removing Flash, Adobe Reader, Silverlight and using another browser than Internet Explorer because they're insecure. But if they don't listen because "website XYZ requires it" then there's nothing more I can do about it.

    3. Re:Who's affected? by Garybaldy · · Score: 1

      I am sure your plumber, electrician, mechanic etc think the same of you.

  4. Re:Windows again by Anonymous Coward · · Score: 0

    There's far more incentive to create ransomware for Windows than for other systems. The idea of ransomware is to get a large number of victims to each pay some money. Because Windows is deployed so widely, it is obviously the best target for ransomware. While these exploits primarily target Windows, the vulnerabilities in Java and Flash could affect Linux and OS X systems. Silverlight vulnerabilities could affect OS X systems. Were the exploit for Firefox, for example, it certainly could exploit both Windows and Linux. Furthermore, this relies on vulnerabilities in software running in user space and not the actual OS. A malicious program running in user space could as easily encrypt a user's files on Linux as it would on Windows. The only difference is that there aren't enough desktop Linux and OS X systems to make such an attack particularly worthwhile.

  5. Re:Windows again by Anonymous Coward · · Score: 0

    How many billions of dollars has MS made off of windows? Maybe they should allocate 5% of that towards making windows more secure. I guess that will never happen - CEO needs another yacht.

  6. Toy website, toy ransomware by davidwr · · Score: 1

    "...the latest victim being U.S. toy maker Maisto"

    "Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. "

    For real ransomware that's not just a toy, go to a web site of a durable-goods manufacturer.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  7. Clearly the victim's fault by Calydor · · Score: 1

    What do people really expect, visiting such seedy and nefarious parts of the internet like the official website of a toy producer?

    --
    -=This sig has nothing to do with my comment. Move along now=-
  8. Blocking hosts file entries vs. CryptXXX by Anonymous Coward · · Score: 0

    0.0.0.0 host.vivialvarez.com.ar
    0.0.0.0 kw.projetoraizes.com.br
    0.0.0.0 net.jacquieleebrasil.com.br
    0.0.0.0 bintiye.helpthevets.org
    0.0.0.0 mcimaildmz.dinnerplate.co.uk
    0.0.0.0 candidulumbestuurlijk.newlandsierrarealestate.com
    0.0.0.0 frageboegen-plletyksin.breastcanceroutreach.com
    0.0.0.0 reikleivn-azarashi.orlandohomesbydevito.com
    0.0.0.0 litigators.esteroscreen.com
    0.0.0.0 vivialvarez.com.ar
    0.0.0.0 projetoraizes.com.br
    0.0.0.0 jacquieleebrasil.com.br
    0.0.0.0 helpthevets.org
    0.0.0.0 dinnerplate.co.uk
    0.0.0.0 newlandsierrarealestate.com
    0.0.0.0 breastcanceroutreach.com
    0.0.0.0 orlandohomesbydevito.com
    0.0.0.0 esteroscreen.com
    0.0.0.0 qrwzoxcjatynejejsz.com
    0.0.0.0 yfczmludodohkdqnij.com
    0.0.0.0 ranetardinghap.com
    0.0.0.0 cetinhechinhis.com
    0.0.0.0 tedgeroatref.com
    0.0.0.0 rerobloketbo.com
    0.0.0.0 tonthishessici.com
    0.0.0.0 allofuslikesforums.com
    0.0.0.0 oqpwldjc.mjobrkn3.eu
    0.0.0.0 mjobrkn3.eu
    0.0.0.0 maisto.com
    0.0.0.0 rp4roxeuhcf2vgft.onion.to
    0.0.0.0 rp4roxeuhcf2vgft.onion.cab
    0.0.0.0 rp4roxeuhcf2vgft.onion.city
    0.0.0.0 onion.to
    0.0.0.0 onion.cab
    0.0.0.0 onion.city

    * Putting those in your custom hosts file stops this thing cold...

    APK

    P.S.=> Courtesy/Credits to http://researchcenter.paloalto... AND https://www.proofpoint.com/us/... ... apk
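The comment above relies on the operating system's hosts file to stop the listed domains from resolving. The script below is an added example, not code from the post or from any tool it links; it parses a hosts-format blocklist and answers, for each hostname a page would contact, whether that file would actually stop the request. It models the one rule a hosts file follows (an exact, case-insensitive match on the full hostname, with no wildcard and no parent-domain coverage), which is why the poster had to list both `oqpwldjc.mjobrkn3.eu` and `mjobrkn3.eu`, and why a request to a bare IP address is never affected. The blocklist excerpt and the sample URLs are constructed for the demonstration; the domains come from the comment.

```python
"""Audit how much of a set of outbound references a hosts-file blocklist covers.

Added example (not the Slashdot poster's code or any linked tool). Lookups are
resolved the way the OS hosts file does: exact hostname match only.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed excerpt of a hosts-format blocklist (subset of the entries in the post).
HOSTS_BLOCKLIST = """\
# comment lines and blank lines are ignored
0.0.0.0 maisto.com
0.0.0.0 onion.to
0.0.0.0 rp4roxeuhcf2vgft.onion.to
0.0.0.0 mjobrkn3.eu   # trailing comment is stripped too
"""

# Addresses commonly used to sinkhole a name in a hosts file.
SINKHOLE = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Constructed sample of URLs a page might reference (not taken from maisto.com).
SAMPLE_REFERENCES = [
    "https://maisto.com/",
    "http://www.maisto.com/index.html",
    "http://rp4roxeuhcf2vgft.onion.to/",
    "http://oqpwldjc.mjobrkn3.eu/x",
    "http://192.0.2.10/landing",
]


def parse_hosts(text):
    """Return {hostname: address} for every mapping in hosts-file syntax."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()          # "<address> <name> [<name> ...]"
        for name in names:
            mapping[name.lower().rstrip(".")] = addr
    return mapping


def is_sinkholed(hostname, mapping):
    """True only when this exact hostname maps to a sinkhole address."""
    return mapping.get(hostname.lower().rstrip(".")) in SINKHOLE


def is_ip_literal(host):
    """IP literals bypass name resolution, so the hosts file is never consulted."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_references(urls, mapping):
    """Map each URL to a verdict, flagging entries that only cover a parent domain."""
    report = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        if is_ip_literal(host):
            report[url] = "not blocked (IP literal, hosts file not consulted)"
            continue
        if is_sinkholed(host, mapping):
            report[url] = "blocked"
            continue
        # A listed parent (e.g. mjobrkn3.eu for oqpwldjc.mjobrkn3.eu) does not
        # cover its subdomains; report it so the list can be completed.
        labels = host.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels)))
        covered = next((p for p in parents if is_sinkholed(p, mapping)), None)
        if covered:
            report[url] = f"not blocked (only parent {covered} is listed)"
        else:
            report[url] = "not blocked"
    return report


if __name__ == "__main__":
    verdicts = audit_references(SAMPLE_REFERENCES, parse_hosts(HOSTS_BLOCKLIST))
    for url, verdict in verdicts.items():
        print(f"{verdict:55} {url}")
```

Running it shows `www.maisto.com` and `oqpwldjc.mjobrkn3.eu` slipping past a list that contains only their parents, and the IP-literal reference untouched, which is the practical limit of hosts-file blocking: it helps against the hostnames you already know, and nothing else.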

  9. Ransomware "legitimacy" by Anonymous Coward · · Score: 0

    Here is a business idea: sell a remote encryption service to criminals and pedophiles which encrypts their drives simply by loading the provided innocent-looking site. The customer of the police can't then comply with a court order since the key is held by the service provider in some distant country. If businesses are no longer targeted, most of the attention from law enforcement will probably also disappear.

  10. APK Hosts File Engine 9.0++ stops it by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

    Less power/cpu/ram + IO use vs. DNS/routers/antivirus + less security issues/complexity. Complements firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lighten dns load). Gets data via 10 security sites.

    Works vs. caps & HTTP PUSH ads w/ firewalls.

    Ads rob bandwidth/speed paid for, security (openbid adnetworks abuse), privacy in tracking + anonymity.

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogtrackers) natively. Hosts != blockable by ClarityRay (like. souled-out to admen inferior wasteful redundant slower usermode browser addons)

    * PERTINENT BLOCKLIST vs. CryptXXX/Maisto: https://it.slashdot.org/commen...

    APK

    P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & yes it is safe" http://forum.hosts-file.net/vi... )

  11. Website pushes Microsoft ransomware by tetraverse · · Score: 1

    Corrected title for accuracy.

  12. Re:APK Hosts File Engine 9.0++ stops maisto.com by Anonymous Coward · · Score: 0

    That's nice and all... but as another poster keenly observed and posted above... ONLY apps can app apps, not luddite host files.

  13. on the rise by Anonymous Coward · · Score: 0

    I have a honeypot email address and these attacks have spiked recently. I probably get 20/day now. Invoices, price lists, receipts, etc.