US Toy Maker Maisto's Website Pushes Ransomware

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption toolto add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

Ransomware criminals should be executed

It's a truly nasty crime to commit. Can anyone justify why criminals like the ones responsible for this story shouldn't receive the death penalty if convicted? I see no reason why the death penalty would be too harsh, given the crime.

Re:Ransomware criminals should be executed

The should be a game for every ransomware, involving decrypting the algorithm used and such. Caught ransomware developers must play this game for their lives, and in the end they must lose.

Re: Ransomware criminals should be executed

[slazzy]

I don't beleive anyone should get the death penalty. But definitely some good hard jailtime for ransonware crooks.

Re:Ransomware criminals should be executed

[U2xhc2hkb3QgU3Vja3M]

Death is too quick and easy. I say we never let them use or even touch anything with a processor inside.

That means using a teller when going to the bank, having to use a bike or walk to go anywhere, not being able to use modern appliances, no cellphone, having to use a mechanical watch, not even be allowed to use a basic calculator, etc.

Re:Ransomware criminals should be executed

In response to computer hacking, you want to escalate to murder. Have you been associating with right-wing extremists?

Re:Ransomware criminals should be executed

As long as the ransomware author is a white CIS male, you'd have many more left-wing extremists calling for his murder than right-wingers.

Re: Ransomware criminals should be executed

[dhalsim2]

I, too, am against capital punishment. I have absolutely nothing against corporal punishment though.

"Get his ass whipped with 20 lashes like that dude up in Singapore"
-- Ice Cube

makes no difference

there is no fundamental difference between a request for an ad banner and a request for a javascript based exploit injector.
none at all. Just different payloads for same mechanism.

at this time, /. attempts to make requests to
googletag
tag.crsspsl
ntv.io
cloudfront
janrain.com
taboola
truste.com
pro-market.net
slashdotmedia anal-ytics

And thats without running any js except from https://it.slashdot.org.
What was my point again? I forget.
Oh yeah. Ecmascript making http calls all over the place is bad and you should feel bad.
Can't the greedy bastards(i mean highly valued advertising partners) datamine access and error logs instead? Or do the access+error logs come at a premium? Oh screw it, I probably can't afford it anyway.

Websites are for LUDDITES.

Modern app appers ONLY app apps, NOT LUDDITE WEBSITES, so app appers don't get apped by LUDDITE ransomware!

Apps!

Windows again

Ah, Windows, what did you do now? Kinda like the retarded cousin of Operating Systems - slow and stupid, but it's family and familiar so whatcha going to do?.

Re:Windows again

[U2xhc2hkb3QgU3Vja3M]

http://img10.deviantart.net/62...

Re:Windows again

There's far more incentive to create ransomware for Windows than for other systems. The idea of ransomware is to get a large number of victims to each pay some money. Because Windows is deployed so widely, it is obviously the best target for ransomware. While these exploits primarily target Windows, the vulnerabilities in Java and Flash could affect Linux and OS X systems. Silverlight vulnerabilities could affect OS X systems. Were the exploit for Firefox, for example, it certainly could exploit both Windows and Linux. Furthermore, this relies on vulnerabilities in software running in user space and not the actual OS. A malicious program running in user space could as easily encrypt a user's files on Linux as it would on Windows. The only difference is that there aren't enough desktop Linux and OS X systems to make such an attack particularly worthwhile.

Re:Windows again

How many billions of dollars has MS made off of windows? Maybe they should allocate 5% of that towards making windows more secure. I guess that will never happen - CEO needs another yacht.

Who's affected?

[U2xhc2hkb3QgU3Vja3M]

The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

  So, only the stupid users then.

Re:Who's affected?

[An+dochasac]

The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

So, only the stupid users then.

And your arrogance ^ my friend, is the root of the problem. If we in the IT community are so much smarter than end users, why was telnet, ftp, smtp, http, Microsoft Windows, IoT... all designed without even the most basic considerations for security? Shouldn't an information appliance be designed so that a child, grandmother, astronaut or household pet be able to "click on" or view anything without damaging the information appliance, leaking personal details, joining a botnet.

The scum and script kiddies who write the ransomware are not rocket scientists. They're simply vandalizing a cyber-society where front and back doors are left unlocked. If we built cities as we build software, the first woodpecker would destroy civilization.

Re:Who's affected?

[U2xhc2hkb3QgU3Vja3M]

It's not arrogance, it's knowledge. I do try to educate people around me about removing Flash, Adobe Reader, Silverlight and using another browser than Internet Explorer because they're insecure. But if they don't listen because "website XYZ requires it" then there's nothing more I can do about it.

Re:Who's affected?

[Garybaldy]

I am sure your plumber, electrician, mechanic etc think the same of you.

APK Hosts File Engine 9.0++ stops maisto.com

See subject + it's C&C servers APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

Less power/cpu/ram + IO use vs. DNS/routers/antivirus + less security issues/complexity. Compliments firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lighten dns load). Gets data via 10 security sites.

Works vs. caps & HTTP PUSH ads w/ firewalls.

* Ads rob bandwidth/speed paid for, security (openbid adnetworks abuse), privacy in tracking + anonymity.

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogtrackers) natively. Hosts != blockable by ClarityRay (like. souled-out to admen inferior wasteful redundant slower usermode browser addons)

APK

P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & yes it is safe" http://forum.hosts-file.net/vi... )

Re:APK Hosts File Engine 9.0++ stops maisto.com

That's nice and all... but as another poster keenly observed and posted above... ONLY apps can app apps, not luddite host files.

Toy website, toy ransomware

[davidwr]

"...the latest victim being U.S. toy maker Maisto"

"Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. "

For real ransomware that's not just a toy, go to a web site of a durable-goods manufacturer.

Clearly the victim's fault

[Calydor]

What do people really expect, visiting such seedy and nefarious parts of the internet like the official website of a toy producer.

Blocking hosts file entries vs. CryptXXX

0.0.0.0 host.vivialvarez.com.ar
0.0.0.0 kw.projetoraizes.com.br
0.0.0.0 net.jacquieleebrasil.com.br
0.0.0.0 bintiye.helpthevets.org
0.0.0.0 mcimaildmz.dinnerplate.co.uk
0.0.0.0 candidulumbestuurlijk.newlandsierrarealestate.com
0.0.0.0 frageboegen-plletyksin.breastcanceroutreach.com
0.0.0.0 reikleivn-azarashi.orlandohomesbydevito.com
0.0.0.0 litigators.esteroscreen.com
0.0.0.0 vivialvarez.com.ar
0.0.0.0 projetoraizes.com.br
0.0.0.0 jacquieleebrasil.com.br
0.0.0.0 helpthevets.org
0.0.0.0 dinnerplate.co.uk
0.0.0.0 newlandsierrarealestate.com
0.0.0.0 breastcanceroutreach.com
0.0.0.0 orlandohomesbydevito.com
0.0.0.0 esteroscreen.com
0.0.0.0 qrwzoxcjatynejejsz.com
0.0.0.0 yfczmludodohkdqnij.com
0.0.0.0 ranetardinghap.com
0.0.0.0 cetinhechinhis.com
0.0.0.0 tedgeroatref.com
0.0.0.0 rerobloketbo.com
0.0.0.0 tonthishessici.com
0.0.0.0 allofuslikesforums.com
0.0.0.0 oqpwldjc.mjobrkn3.eu
0.0.0.0 mjobrkn3.eu
0.0.0.0 maisto.com
0.0.0.0 rp4roxeuhcf2vgft.onion.to
0.0.0.0 rp4roxeuhcf2vgft.onion.cab
0.0.0.0 rp4roxeuhcf2vgft.onion.city
0.0.0.0 onion.to
0.0.0.0 onion.cab
0.0.0.0 onion.city

* Putting those in your custom hosts file stops this thing cold...

APK

P.S.=> Courtesy/Credits to http://researchcenter.paloalto... AND https://www.proofpoint.com/us/... ... apk

Ransomware"legimacy"

Here is a business idea: sell a remote encryption service to criminals and pedophiles which encrypts their drives simply by loading the provided innocent looking site. The customer of the police can't then comply with a court orders since the key is held by the service provider in some distant country. If the businesses are no longer targeted, the most of the attention form the law enforcement will probably also disappear.

APK Hosts File Engine 9.0++ stops it

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

Less power/cpu/ram + IO use vs. DNS/routers/antivirus + less security issues/complexity. Compliments firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lighten dns load). Gets data via 10 security sites.

Works vs. caps & HTTP PUSH ads w/ firewalls.

Ads rob bandwidth/speed paid for, security (openbid adnetworks abuse), privacy in tracking + anonymity.

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogtrackers) natively. Hosts != blockable by ClarityRay (like. souled-out to admen inferior wasteful redundant slower usermode browser addons)

* PERTINENT BLOCKLIST vs. CryptXXX/Maisto: https://it.slashdot.org/commen...

APK

P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & yes it is safe" http://forum.hosts-file.net/vi... )

Website pushes Microsoft ransomware

[tetraverse]

Corrected title for accuracy ..

on the rise

I have a honeypot email address and these attacks have spiked recently. I probably get 20/day now. Invoices, price lists, receipts, etc.