Businesses are often warned to avoid clicking on suspicious links and engaging with spam to prevent ransomware from infecting their systems. However, cyber criminals are devising new ways of preying on their victims.
Microsoft has recently issued a warning to users to be wary of Google ads that lead to fake websites impersonating genuine services such as Zoom and Microsoft Teams. The technique, known as “malvertising,” is being used to spread Royal ransomware.
In a statement, the Microsoft Security Threat Intelligence team said the ads come with “malicious files, which are malware downloaders known as BATLOADER, pose as installers or updates for legitimate applications like Microsoft Teams or Zoom. When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that is decrypted and launched with PowerShell commands.”
Once malware gains access to a system, it deploys code that can disable security applications such as anti-virus software and elevate its privileges to those of a local admin. With access to a system, ransomware can encrypt files and prevent users from accessing important data, demanding a ransom payment.
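For security teams, the behaviour Microsoft describes (an MSI installer starting PowerShell or a batch script) shows up in process-creation logs as a script host with msiexec.exe among its ancestors. The following is an added example, not code from Microsoft or the NEBRC; the event fields, file names and PIDs are constructed, and the record shape is assumed to resemble a Sysmon process-creation event.

```python
import ntpath

# Interpreters named in the statement: PowerShell and batch scripts (cmd.exe).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
INSTALLER = "msiexec.exe"

# Constructed sample events (assumed field names). Real logs should be keyed on
# a unique process GUID rather than the PID, because PIDs are reused.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec.exe /i "C:\Users\a\Downloads\TeamsSetup.msi"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"cmd.exe /c C:\Users\a\AppData\Local\Temp\run.bat"},
    {"pid": 220, "ppid": 210,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\a\AppData\Local\Temp\u.ps1"},
    {"pid": 300, "ppid": 100,  # benign: PowerShell opened by the user from the desktop
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},
]

def proc_name(event):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(event["image"]).lower()

def ancestry(event, by_pid, max_depth=8):
    """Process names from the event up to the oldest ancestor present in the log."""
    chain, seen = [proc_name(event)], {event["pid"]}
    while len(chain) <= max_depth:
        parent = by_pid.get(event["ppid"])
        if parent is None or parent["pid"] in seen:  # log ends, or PID loop
            break
        chain.append(proc_name(parent))
        seen.add(parent["pid"])
        event = parent
    return chain

def find_installer_scripts(events):
    """Flag script hosts that have msiexec.exe anywhere above them."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if proc_name(e) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e, by_pid)
        if INSTALLER in chain[1:]:
            cut = chain.index(INSTALLER) + 1
            findings.append({"pid": e["pid"], "cmd": e["cmd"],
                             "chain": " <- ".join(chain[:cut])})
    return findings
```

Some legitimate installers also run scripts, so a match is a prompt to check where the MSI came from and whether it is signed, not proof of infection.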
In response, Microsoft has upgraded the security on Windows devices to ensure that its anti-virus software is capable of isolating and killing such threats.
To avoid falling victim to malvertising, do not click on suspicious links, and ensure that you visit a reputable source directly rather than via a Google ad before installing reportedly legitimate software.
For further guidance on identifying potential phishing and malware attempts, please contact [email protected] or sign up to our free core membership to keep up to date with the latest cyber security matters and keep your business safe online.
The NEBRC is a non-profit organisation that seeks to educate, inform, and support businesses across the UK in identifying cyber threats and staying safe online through strong cyber security.