
FessLeak Ransomware

By GoldSparrow in Ransomware

The FessLeak Ransomware infection has caught the attention of PC security researchers. The FessLeak Ransomware is delivered through corrupted advertisements (malvertising) placed on popular Web pages; to do this, the persons responsible abused a popular advertisement distribution network. These persons are thought to be Russian. The FessLeak Ransomware is a fileless attack: its payload is extracted directly into the affected computer's memory rather than being written to disk as an executable file. By manipulating an advertisement-bidding network, the people responsible for the FessLeak Ransomware have placed their harmful advertisements on popular Web pages, substantially increasing the reach and effect of the attack.

How does the FessLeak Ransomware Attack Work?

The people responsible for the FessLeak Ransomware first set up a disposable domain that redirects visitors to an attack website hosting the FessLeak Ransomware payload. They then use real-time bidding to buy advertisement placements that direct to the temporary, disposable domain. In the case of the FessLeak Ransomware attack, no threatening files are dropped on the victim's computer, which makes the FessLeak Ransomware particularly difficult to detect or intercept. After the corrupted advertisement was placed on a popular Web page, computer users who clicked on it were first directed to the temporary, disposable domain and from there taken to the page hosting the threat. Every eight hours the DNS record for the temporary domain was retired, ending that round of the attack, and the cycle then began again with a newly created disposable domain. Because each domain lives for only a few hours, block lists keyed on domain names lag behind the campaign; the more durable indicators are the redirect pattern itself (an ad-network referer, a very young domain, a second hop to the hosting page) and the registration details the attackers reuse.

Malware researchers have observed that when computer users were directed to the threatening Web page, the corrupted payload was not written to the victim's drive but was instead extracted directly into memory. This makes the FessLeak Ransomware particularly difficult to study and examine, because there is no dropped file for the virtual machines and sandboxes usually used to study threats to capture. Once the FessLeak Ransomware executes, it encrypts data on the victim's computer and finishes by displaying a ransom message telling computer users that they must pay a ransom to obtain the unlock key. The FessLeak Ransomware has been active since at least the fall of 2014, with attacks occurring frequently as of February 2015.

The FessLeak Ransomware’s Latest Attack

The FessLeak Ransomware attack has been linked to dozens of different temporary domains. All were registered using the email address fessleak@qip.ru, which is why security researchers refer to this infection as the FessLeak Ransomware. In its latest attacks, the FessLeak Ransomware has changed strategy, probably because of three zero-day vulnerabilities in Flash Player uncovered in 2015 (CVE-2015-0310, CVE-2015-0311 and CVE-2015-0313). The FessLeak Ransomware attacks now deliver threatening Flash temp files that exploit these vulnerabilities, which also lets them bypass security software. Websites on which the advertisements associated with the FessLeak Ransomware were served include such popular Web pages as HuffingtonPost.com, RT.com, Photobucket.com, CBSsports.com, HowtoGeek.com, Fark.com, Thesaurus.com and Match.com, making this a particularly effective attack. These sites were not themselves broken into; the advertisements reached them through the advertisement network they used.
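The two sections above describe a redirect chain (ad network, short-lived disposable domain, hosting page) and a registrant email shared by all of the disposable domains. The script below is an added example, written for this page and not code from the original article or from any researcher, showing how a defender could hunt for that pattern in proxy logs: it flags ad-network redirects into a domain younger than the eight-hour lifetime the article describes, follows the client's next request to find the second hop, and pivots on the registrant address. The proxy log lines, the WHOIS-style table, the ad-server host list and every domain name are constructed for illustration; only the address fessleak@qip.ru comes from the article, and the helper names (parse_proxy_log, find_suspicious_chains, pivot_on_registrant) are this example's own.

```python
"""Hunt for short-lived malvertising redirect domains in proxy logs.

Added example; the log, the WHOIS table and all hostnames are constructed.
"""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log: timestamp, client IP, referer host, requested URL, HTTP status.
PROXY_LOG = """\
2015-02-03T09:01:12Z 10.0.0.21 adserver.example-net.com http://cheap-ad-click.example/go 302
2015-02-03T09:01:13Z 10.0.0.21 cheap-ad-click.example http://landing-k7.example/index.php 200
2015-02-03T09:01:14Z 10.0.0.21 landing-k7.example http://landing-k7.example/flash.swf 200
2015-02-03T09:05:40Z 10.0.0.33 news.example.org http://www.example.org/article/123 200
2015-02-03T17:30:02Z 10.0.0.45 adserver.example-net.com http://fresh-promo-q2.example/go 302
2015-02-03T17:30:03Z 10.0.0.45 fresh-promo-q2.example http://landing-k7.example/index.php 200
"""

# Constructed WHOIS-style lookup: domain -> (registrant email, creation time).
# Only the registrant address fessleak@qip.ru is taken from the article.
WHOIS = {
    "cheap-ad-click.example": ("fessleak@qip.ru", datetime(2015, 2, 3, 8, 40)),
    "fresh-promo-q2.example": ("fessleak@qip.ru", datetime(2015, 2, 3, 17, 5)),
    "landing-k7.example": ("someone@example.com", datetime(2014, 11, 20, 0, 0)),
    "news.example.org": ("webmaster@example.org", datetime(2010, 1, 1, 0, 0)),
    "www.example.org": ("webmaster@example.org", datetime(2010, 1, 1, 0, 0)),
}

AD_NETWORK_HOSTS = {"adserver.example-net.com"}  # assumed list of ad-serving referers
MAX_DOMAIN_AGE = timedelta(hours=8)               # the eight-hour lifetime the article describes


def parse_proxy_log(text):
    """Parse the whitespace-separated log into a list of request dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, referer, url, status = line.split()
        parsed = urlparse(url)
        rows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client,
            "referer": referer,
            "host": parsed.hostname,
            "path": parsed.path,
            "status": int(status),
        })
    return rows


def domain_age(host, seen_at):
    """Age of the domain at the time of the request, or None if no WHOIS record."""
    record = WHOIS.get(host)
    if record is None:
        return None
    return seen_at - record[1]


def find_suspicious_chains(rows):
    """Flag ad-network redirects (302) into a domain younger than MAX_DOMAIN_AGE.

    For each hit, follow the same client's next request that carries the young
    domain as referer, which is the second hop to the page hosting the payload.
    """
    hits = []
    for i, req in enumerate(rows):
        if req["referer"] not in AD_NETWORK_HOSTS or req["status"] != 302:
            continue
        age = domain_age(req["host"], req["ts"])
        if age is None or age > MAX_DOMAIN_AGE:
            continue
        landing = None
        for nxt in rows[i + 1:]:
            if nxt["client"] == req["client"] and nxt["referer"] == req["host"]:
                landing = nxt["host"]
                break
        hits.append({
            "client": req["client"],
            "redirector": req["host"],
            "age_minutes": int(age.total_seconds() // 60),
            "landing": landing,
        })
    return hits


def pivot_on_registrant(email):
    """All domains registered with the given address: the pivot that tied the campaign together."""
    return sorted(domain for domain, (registrant, _) in WHOIS.items() if registrant == email)


if __name__ == "__main__":
    for hit in find_suspicious_chains(parse_proxy_log(PROXY_LOG)):
        print(hit)
    print(pivot_on_registrant("fessleak@qip.ru"))
```

On real data the WHOIS table would be replaced by passive-DNS or registrar lookups, and the age threshold is a tuning knob: the article's eight-hour rotation is the reason it is set so low here, and a campaign that rotates more slowly would need a larger window. The registrant pivot is the more robust of the two checks, since it survives the domain rotation that defeats name-based block lists.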

What is the Best Way to Deal with the FessLeak Ransomware?

Unfortunately, encryption ransomware like the FessLeak Ransomware is difficult to deal with, because these threats use strong encryption to lock the victim's files. Although the infection itself can be removed, it is practically impossible to decrypt the affected files without the decryption key. Because of this, computer users are advised to keep regular, offline backups of important files and to prevent FessLeak Ransomware attacks by browsing with common sense, keeping browser plug-ins such as Flash Player updated or disabled, and running strong security software and other protective measures. Although some computer users may have no option but to pay to recover their files, it is usually best to avoid letting third parties profit from spreading this kind of threat.
