Ransomware Spreads Online via Website of Security Certification Provider



This topic contains 13 replies, has 11 voices, and was last updated by  yakoko 4 years, 4 months ago.

Viewing 14 posts - 1 through 14 (of 14 total)


    March 25, 2016

    For the past four days, security certification provider EC-Council has been observed redirecting visitors towards a page with the Angler exploit kit, which drops TeslaCrypt ransomware onto the victim’s machine. According to threat intelligence expert Yonathan Klijnsma, the dangerous Angler exploit kit was seen distributing ransomware to Internet Explorer users since Monday.

    Klijnsma reports that the redirects may have been around longer than suspected. Based on his analysis, the Angler exploit kit runs when these specific conditions are met: when the visitor uses Microsoft Internet Explorer browser, when the user comes from a search engine such as Google or Bing, and when the user uses an IP address that is not blacklisted or coming from a blocked geolocation as the inject avoids certain countries—especially if the cybercriminals behind the attack could possibly be incriminated.

    Various popular websites continue to serve malicious advertisements that deliver exploit kits, resulting in millions of affected users. Klijnsma writes “Once the user has jumped through all the redirects, he/she ends up on the Angler exploit kit landing page from which the browser, Flash Player plugin or Silverlight plugin will be exploited. The Angler exploit kit first starts the ‘Bedep’ loader on an exploited victim machine which will download the final payload”. The EC-Council website is exploited through its vulnerable WordPress CMS—which makes a good target for any attacker via vulnerable plugins.

    The Angler Exploit kit drops ‘TeslaCrypt’ ransomware, which encrypts a victim’s files before it demands around 1.5 Bitcoin ($622) for a decrypt key. Despite repeated warnings, EC-Council has neither responded nor taken corrective action.

    As long as vulnerable applications continue to be in widespread use, they will continue to be a threat. As reported by Trend Micro, exploit kits have been a significant threat for years—affecting mostly users in Japan and the US, with frequent victims in Australia, Canada, France, Germany, and the UK.
    [READ: How serious is the Angler Exploit kit problem?]
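
The post above says the inject fired only for Internet Explorer visitors arriving from a search engine, so a scan made with one default client can see a clean page. As an added example (not part of the original post), a site owner's check that requests the same page under several header profiles and reports script or iframe sources served only to some of them; the profile strings, function names and sample page are constructed for illustration, and the IP and geolocation condition cannot be tested from a single vantage point.

```python
import re
import urllib.request
from itertools import product

# Header profiles to compare. A scanner that sends only one User-Agent and no
# Referer would miss an inject gated on "IE + search-engine referrer".
USER_AGENTS = {
    "ie11": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
    "firefox": "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0",
}
REFERERS = {"search": "https://www.google.com/", "direct": None}

# src attributes of <script> and <iframe> tags
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*\bsrc=["\']([^"\']+)', re.I)

def external_sources(html):
    """Return the set of script/iframe src values found in the page."""
    return set(SRC_RE.findall(html))

def http_fetch(url, headers):
    """Fetch a page you operate, using the given request headers."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

def find_cloaked_sources(fetch, url):
    """Map each profile to the sources that not every profile received."""
    seen = {}
    for (ua_name, ua), (ref_name, ref) in product(USER_AGENTS.items(),
                                                  REFERERS.items()):
        headers = {"User-Agent": ua}
        if ref:
            headers["Referer"] = ref
        seen[(ua_name, ref_name)] = external_sources(fetch(url, headers))
    common = set.intersection(*seen.values())
    return {p: s - common for p, s in seen.items() if s - common}

def constructed_fetch(url, headers):
    """Constructed stand-in for a compromised page, so the check runs offline."""
    page = '<html><script src="/wp-includes/js/jquery.js"></script>'
    gated = ("Trident" in headers.get("User-Agent", "")
             and "google." in headers.get("Referer", ""))
    if gated:
        page += '<script src="http://inject.example.invalid/a.js"></script>'
    return page + "</html>"

if __name__ == "__main__":
    # Swap constructed_fetch for http_fetch to check a site you run.
    print(find_cloaked_sources(constructed_fetch, "http://site.example.invalid/"))
```

Pages that rotate ads or other third-party tags per request will also show differences, so repeat the run and review what is reported before treating it as an inject.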






    The problem is, how you’d know if you’re getting your data back, and it’s not being sold to others…



    Sounds as if management is in denial, trying to avoid the ‘we are at fault finger.’ At what point will companies take security seriously?



    Imran Rafique






    Are Chrome and Firefox users affected or just IE users? Does it affect Edge users as well?



    Not sure



    I will read the attached article and I will see what I can do.



    Any update on the issue yet? Any measures taken by EC-Council or others?



    This is not the first time I have heard of IT Security Professionals being specifically targeted for spyware/ransomware. It’s almost a “duh” moment when you think about it. Why not go after those individuals that would most likely be the ones that prevent the spread of the malware? This is going to be more of an issue in the future as more and more of the professional and training sites are hacked by those that we are trying to defend our organizations against. The bad guy has taken the first step… are we going to sit back and be a target for them?




