Welcome to Malvertising

Ransomware is changing and it's even smarter!

Ransomware is any software designed to extract a ransom from its victim. The way you can get infected with ransomware varies, and doesn't always involve running a shady executable on your computer.

How Ransomware Makes Its Way to Your Computer 

Email spam used to be the king of inflicting malware on victims. Recently there has been a shift away from that avenue as spam detection has become more advanced, and more of the emails intended to trick users are being stopped before they reach their destination. Now criminals are using web ads that we see every day to deliver their ransomware -- welcome to Malvertising.

These malicious web ads are delivered through well-known ad networks to popular sites. Any site which uses web advertising can be a host. In January, the MSN home page had malvertising on it and this summer, the Yahoo! family of sites were also carriers.

How Malvertising Infects Your Computer

Malvertising can work in a few ways. The most mild forms work by presenting an ad for a product you may be interested in, or it may look like part of the page it is on, for an action you intend to do (like download a file). Then, when you click on the ad, instead of bringing you to the expected site, or doing the action you thought it would, it directs you to a malicious page. This malicious page may look normal but wants you to install its toolbar or extension which then opens up a gateway for malware to infect your machine.

The more devious forms of malvertising use the ads themselves to infect your machine with ransomware. These work by using video ads or malicious scripts that your browser loads thinking it is OK to load them, since they appear to come from a site you trust. These load up and show their ad, and at the same time download their malware to your machine and execute it.

How to Protect Yourself from Malvertising 

There are steps you can take to protect yourself. The worst malvertising ads rely on scripts and video plugins to infect your machine. You can enable the click-to-play setting in your browser to prevent any video from playing unless you click on it to start it (how to enable click to play).

Another good protective step is to use a pop-up blocker -- most browsers today have automatic pop-up blocking enabled by default. And always the best defense concerning malware is to have a good backup of your data, so that in the worst case scenario, you are prepared and safe.

What Steps Do You Take if You Are Infected with Ransomware?

If you end up getting a ransomware infection, you will find yourself unable to open files, or they will open and the contents will be nonsense. You may also find yourself with a window stating "Your files have been encrypted" and that to decrypt them you need to pay bitcoins. We do not recommend paying the ransom.

If you have a ransomware infection:

  • Disconnect from the Internet and your local network. You can do this by unplugging the network or turning off your WiFi adapter.

  • Then contact a member of your IT department. DWD’s network engineers are also available to assist with removal of the virus.