Ransomware is an increasingly common problem in the business environment. It makes any CIO’s worst nightmare come true: users lose access to files that are crucial for operations, and must pay a ransom for their safe return. While ransomware can be distributed in various forms, this particular type is delivered via a zero-day vulnerability in Adobe Flash Player.
Keep in mind that, while Adobe has released an emergency security patch for Windows, Mac, Linux, and Chrome OS, it’s still your responsibility to ensure that your systems are no longer affected by the vulnerability.
What the Vulnerability Is
This particular vulnerability is found in Flash Player versions 22.214.171.1246 and earlier, and affects Windows 10 and any earlier versions of the Windows operating system. Hackers are leveraging exploit kits called Nuclear Pack and Magnitude to infect users with two types of ransomware: Locky and Cerber.
What It Does
Like any typical ransomware, Locky and Cerber lock down files on victims’ computers. Locky is still a relatively new ransomware strain that enables macros in Word documents that download malware onto victims’ machines. Cerber, on the other hand, is your typical ransomware that will, quite literally, speak to the victim. However, the most interesting part of this ransomware is how it’s spread: hackers use the zero-day vulnerability to distribute the malware via exploit kits, which activate when a user visits a web page that utilizes Flash Player technology. In addition to the malware locking down files on victims’ computers, hackers can also take remote control of infected systems.
Are You Affected?
The easiest way to check if you’re affected by this vulnerability is to go to the Adobe Flash Player page, or to right-click any content currently running in Flash Player and select About Adobe Flash Player. It’s absolutely crucial that you check this, because if you don’t, you could be risking much more than just the files on your computer.
How to Fix It
If you’re using any affected version of Adobe Flash Player, you should install the latest updates as soon as possible. You should also be sure to check for the vulnerability in each of the browsers that are installed on your systems. However, if you’re one of our Managed IT Clients, and subscribe to our Advanced Threat Defense service, you’re already protected.