US Toy Maker Maisto's Website Pushes Ransomware

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption toolto add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

Who's affected?

[U2xhc2hkb3QgU3Vja3M]

The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

  So, only the stupid users then.

Re:Who's affected?

[An+dochasac]

The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

So, only the stupid users then.

And your arrogance ^ my friend, is the root of the problem. If we in the IT community are so much smarter than end users, why was telnet, ftp, smtp, http, Microsoft Windows, IoT... all designed without even the most basic considerations for security? Shouldn't an information appliance be designed so that a child, grandmother, astronaut or household pet be able to "click on" or view anything without damaging the information appliance, leaking personal details, joining a botnet.

The scum and script kiddies who write the ransomware are not rocket scientists. They're simply vandalizing a cyber-society where front and back doors are left unlocked. If we built cities as we build software, the first woodpecker would destroy civilization.

Re:Who's affected?

[U2xhc2hkb3QgU3Vja3M]

It's not arrogance, it's knowledge. I do try to educate people around me about removing Flash, Adobe Reader, Silverlight and using another browser than Internet Explorer because they're insecure. But if they don't listen because "website XYZ requires it" then there's nothing more I can do about it.

Re:Who's affected?

[Garybaldy]

I am sure your plumber, electrician, mechanic etc think the same of you.

Re: Ransomware criminals should be executed

[slazzy]

I don't beleive anyone should get the death penalty. But definitely some good hard jailtime for ransonware crooks.

Re:Windows again

[U2xhc2hkb3QgU3Vja3M]

http://img10.deviantart.net/62...

Toy website, toy ransomware

[davidwr]

"...the latest victim being U.S. toy maker Maisto"

"Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. "

For real ransomware that's not just a toy, go to a web site of a durable-goods manufacturer.

Clearly the victim's fault

[Calydor]

What do people really expect, visiting such seedy and nefarious parts of the internet like the official website of a toy producer.

Re: Ransomware criminals should be executed

[dhalsim2]

I, too, am against capital punishment. I have absolutely nothing against corporal punishment though.

"Get his ass whipped with 20 lashes like that dude up in Singapore"
-- Ice Cube

Website pushes Microsoft ransomware

[tetraverse]

Corrected title for accuracy ..