Ransomware being distributed as fake Adobe Flash Player Update

Ransomware is some of the most destructive malware in the cyber world.


For those not familiar with it, ransomware is software that encrypts all of your documents, photos, music, and other types of files, then demands a ransom to decrypt them.  Normally there’s a time limit for sending the ransom.

A complete description of how ransomware works can be found in this PCMDX Blog post.

The bad guys are always looking for new ways to take advantage of computer users, but this latest attack is worth taking a look at because it’s one of the more legitimate-looking attacks.

In the past, we’ve warned you to look at the page for grammar and spelling errors, as well as phrases that don’t sound right, before clicking on any links.  The majority of the attacks originate in other countries where English is not the native language.  Because of that, the bad guys sometimes resort to Google Translate to write their web pages and programs.  Google Translate can sometimes have some flaws in how it translates, especially when it comes to technical terms.

The latest ransomware attack is a perfect example of this.  You may click on a link that takes you to a page like this:

Fake Adobe Flash Player update page.

 

For the most part, this page looks legitimate to most users.  But there are two obvious errors, and one not so obvious, that should warn you immediately that it’s fake, and possibly a threat.

First, look at the instructions for “1.”.  You’ll see it instructs you to locate a file “named like”.  An obvious grammar error.

Second, look at the URL (the web site):  http:// fleshupdate. com …“flesh” is not “flash”.

The not-so-obvious error is the phrase that reads “Your Flash Player may be out of date”.  Adobe products will not use the term “may”.  It’s either out of date or it’s not.

Fake Adobe Flash Player update page with errors highlighted.

 

The Adobe Flash Player update page is https://get.adobe.com/flashplayer/

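The “https” means that the connection is encrypted and your browser has checked the site’s certificate, so you know you are really talking to get.adobe.com.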

You’ll notice there’s much more information on the update page.


Authentic Adobe Flash Player update page.
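The URL check described above can also be automated, for example in a mail or web filter. The following is an added example, not code from PCMDX or Adobe: the function names and the brand word list are assumptions, and the only host treated as genuine is the one given in this article.

```python
from urllib.parse import urlsplit

OFFICIAL_HOSTS = {"get.adobe.com"}   # the genuine update host named in the article
BRAND_WORDS = ("flash", "adobe")     # assumption: words a lookalike would imitate
# The fake page's address exactly as the article prints it (defanged with spaces).
FAKE_URL_AS_PRINTED = "http:// fleshupdate. com"


def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near_miss(host):
    """Return (fragment, brand) if part of a host label is one edit from a brand word."""
    for label in host.split("."):
        for brand in BRAND_WORDS:
            if brand in label:       # exact brand use is not a misspelling
                continue
            for size in (len(brand) - 1, len(brand), len(brand) + 1):
                for start in range(max(len(label) - size + 1, 0)):
                    frag = label[start:start + size]
                    if edit_distance(frag, brand) == 1:
                        return frag, brand
    return None


def check_update_url(url):
    """Classify a purported update URL as 'official', 'lookalike' or 'unknown'."""
    parts = urlsplit(url.replace(" ", ""))   # undo the spaces used to defang it
    host = parts.hostname or ""
    if host in OFFICIAL_HOSTS:
        if parts.scheme == "https":
            return "official", "host and scheme match the vendor page"
        return "unknown", "vendor host, but not served over https"
    hit = near_miss(host)
    if hit:
        return "lookalike", f"'{hit[0]}' is one edit away from '{hit[1]}'"
    return "unknown", "host is not the vendor's update page"


if __name__ == "__main__":
    for u in (FAKE_URL_AS_PRINTED, "https://get.adobe.com/flashplayer/"):
        print(u, "->", check_update_url(u))
```

A one-edit match can also hit ordinary words, so treat a “lookalike” result as a reason to block and review rather than as proof of malice.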

 

For clients who have PCMDX do their IT support, you’ll never see the Adobe Flash Player update page, as we have it set to update in the background.  If you do see an update page, it’s absolutely fake, and you should not click on any links.

Please share this information with everyone who uses your computers.  Once ransomware infects your system, there’s no reversing it unless you pay the ransom, which is rather costly, both in money and time.  Since ransomware is constantly evolving, most anti-virus products will not protect you from the damage.

The best way to prevent getting struck by ransomware is to follow these guidelines:

  • Never open attachments from unknown senders or known senders where the message is vague.  If in doubt, contact the sender to verify they sent it.
  • Always keep your system up-to-date and patched.
  • Although anti-virus products may not protect against ransomware, they do protect against other malware, so always have your AV product installed and up-to-date.
  • BACK UP YOUR DATA.  We recommend a three-step backup program, which includes imaging, data, and off-site.  The three combined are optimal, but have at least one.

PCMDX can assist you with all of these items.  We specialize in providing cybersecurity and computer support for Small-Medium Businesses that have under 15 PCs and don’t have the budget for a full-time IT person, but want IT level support.