As if ransomware were not already the most difficult kind of cyberattack to stop, it just got even more complicated. Now hackers are infecting computers via drive-by downloads, which don’t require a user even to click a link or download an email attachment to let a bug in.
Ransomware is a sophisticated, and increasingly popular, hacking method that infiltrates a target computer and encrypts all of its data. The attackers then contact the victim, often a small business owner or someone with sensitive data, and offer to unlock the hidden information for a bitcoin fee, generally in the thousands of dollars. As bad as that sounds, the attack was at least affecting only users who were tricked into downloading a sketchy email attachment, or who entered their personal information on a site infused with malware.
Not anymore. Thanks to a sneaky method of intrusion known as a drive-by download, more users are finding themselves locked out of their machines after visiting sites that spring ransomware onto their computers without requiring them to activate the hack in any way (clicking a link, entering user credentials, etc.). Attackers are also sifting through affected computers before throwing away the keys, Shelley Polansky of the Better Business Bureau told Colorado’s Sterling Journal Advocate Wednesday.
“Right now the hackers behind this attack are focused on usernames and passwords for website servers to spread the malware as far as possible,” Polansky said. “But usernames and passwords for other sites are being uploaded and sold as well and could be exploited or sold on the black market.”
The numbers of affected users, and which websites to avoid, are not immediately available.
Drive-by downloads are also widely used on illegal piracy sites, helping make up the $70 million that content thieves reaped in 2015.