{"id":109,"date":"2016-11-17T19:40:24","date_gmt":"2016-11-18T01:40:24","guid":{"rendered":"http:\/\/pcmdx.net\/blog\/?p=109"},"modified":"2016-11-17T20:12:25","modified_gmt":"2016-11-18T02:12:25","slug":"ransomware-being-distributed-as-fake-adobe-flash-player-update","status":"publish","type":"post","link":"http:\/\/pcmdx.net\/blog\/2016\/11\/17\/ransomware-being-distributed-as-fake-adobe-flash-player-update\/","title":{"rendered":"Ransomware being distributed as fake Adobe Flash Player Update"},"content":{"rendered":"

Ransomware is some of the most destructive malware in the cyber world.<\/p>\n

\"cyber-security-1784985_640\"<\/a><\/p>\n

For those not familiar with it, ransomware is software that will encrypt all of your documents, photos, music, and other types of files, then demands a ransom in order to get them decrypted. \u00a0Normally there’s a time limit in getting sending the ransom.<\/p>\n

A complete description of how ransomware works can be found in this PCMDX Blog post<\/a>.<\/p>\n

The bad guys are always looking a new ways to take advantage of computer users, but this latest attack is worth taking a look at<\/a> because it’s one of the more legitimate looking attacks.<\/p>\n

In the past, we’ve warned you to look at the page for grammar and spelling errors, as well as phrases that don’t sound right, before clicking on any links. \u00a0The majority of the attacks originate in other countries where English is not the native language. \u00a0Because of that, the bad guys sometimes resort to Google Translate<\/a> to write their web pages and programs. \u00a0Google Translate can sometimes have some flaws in how it translates, especially when it comes to technical terms.<\/p>\n

The latest ransomware attack is a perfect example of this. \u00a0You may click on a link that takes you to a page like this:<\/p>\n

\"fake-flash-player-update_test\"<\/a>

Fake Adobe Flash Player update page. (click for larger image)<\/p><\/div>\n

 <\/p>\n

For the most part, this page\u00a0looks<\/em> legitimate to most users. \u00a0But there are two obvious errors, and one not so obvious, that should warn you immediately that it’s fake, and possibly a threat.<\/p>\n

First, look at the instructions for “1.”. \u00a0You’ll see it instructs you to locate a file “named like”<\/em>. \u00a0An obvious grammar error.<\/p>\n

Second, look at the URL (the web site). \u00a0http:\/\/ fleshupdate. com<\/em> …flesh is not flash. \u00a0The not-so-obvious error is the phrase that reads “Your Flash Player may be out of date”. \u00a0Adobe products will not use the term “may”. \u00a0It’s either out of date or it’s not.<\/p>\n

\"Fake<\/a>

Fake Adobe Flash Player update page with errors highlighted. (click for larger image)<\/p><\/div>\n

 <\/p>\n

The Adobe Flash Player update page is https:\/\/get.adobe.com\/flashplayer\/<\/p>\n

The “https” means that it’s coming from a secure site.<\/p>\n

You’ll notice there’s much more information on the update page.<\/p>\n

\"real_-flash-player-update_test\"<\/a>

Authentic Adobe Flash Player update page (click for larger image)<\/p><\/div>\n

 <\/p>\n

For clients who have PCMDX do their IT support, you’ll never see the Adobe Flash Player update page<\/strong>, as we have it set to update in the background. \u00a0If you do see an update page, it’s absolutely fake, and you should not click on any links.<\/p>\n

Please share this information with everyone who uses your computers. \u00a0Once ransomware infects your system, there’s no reversing it unless you pay the ransom, which is rather costly, both in money and time. \u00a0Since ransomware is constantly evolving, most anti-virus products will not protect you from the damage.<\/p>\n

The best way to prevent getting struck by ransomware is to follow these guidelines:<\/p>\n

    \n
  • Never open attachments from unknown senders or known senders where the message is vague. \u00a0If in doubt, contact the sender to verify they sent it.<\/li>\n
  • Always keep you system up-to-date and patched<\/li>\n
  • Although anti-virus products may not protect against ransomware, they do protect against other malware, so always have your AV product installed and up-to-date.<\/li>\n
  • BACK UP YOUR DATA. \u00a0We recommend a three step backup program, which includes imaging, data, and off-site. \u00a0The three combined are optimal, but have at least one.<\/li>\n<\/ul>\n

    PCMDX can assist you with all of these items. \u00a0We specialize in providing cybersecurity and computer support for Small-Medium Businesses that have under 15 PCs and don’t have the budget for a full time IT person, but want IT level support.<\/p>\n

     <\/p>\n

     <\/p>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    Ransomware is some of the most destructive malware in the cyber world. For those not familiar with it, ransomware is software that will encrypt all of your documents, photos, music, and other types of files, then demands a ransom in order to get them decrypted. \u00a0Normally there’s a time limit in getting sending the ransom. […]<\/p>\n","protected":false},"author":1,"featured_media":119,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,33],"tags":[45,47,46],"class_list":["post-109","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-protection","category-ransomware","tag-fake-flash-player-update","tag-flesh-com","tag-ransomware"],"_links":{"self":[{"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/posts\/109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/comments?post=109"}],"version-history":[{"count":2,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/posts\/109\/revisions"}],"predecessor-version":[{"id":121,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/posts\/109\/revisions\/121"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/media\/119"}],"wp:attachment":[{"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/media?parent=109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/categories?post=109"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pcmdx.net\/blog\/wp-json\/wp\/v2\/tags?post=109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}