Adobe Flash update addresses 'Cerber' drive-by ransomware threat

Discussion in 'Software' started by bull lakoza, 9 April 2016.

  1. bull lakoza

    bull lakoza Geek Overwhelming

    Adobe Systems has issued an important patch for its Flash browser plugin software. As Reuters reports, Adobe has issued this patch to remedy a security flaw that made users vulnerable to drive-by ransomware attacks. This vulnerability was a so-called 0-day one, and has been exploited by a type of ransomware known as 'Cerber' since the end of March.

    Ransomware has grown in prominence in tech and general news headlines recently. Typically, once the ransomware malware files become active on your computer system, your personal folders, or even complete drives, can be encrypted. That usually leaves just two possibilities: either pay the attacker for the decryption key, or restore your files/drives from your well-maintained backups. It's easy to understand that many will pay handsomely to get access to their files back, which may include important business documents and cherished family photos and videos.

    Trend Micro apparently warned Adobe about the Flash flaw allowing drive-by installations of the Cerber ransomware as far back as 31st March. Cerber is interesting as the malware includes speech reminding users and urging users to pay up to regain access to their files.

    Adobe's release notes concerning the Flash Player 21 update simply say that it contains "important bug fixes and security updates". You have to find the associated security bulletin to read about the 24 critical vulnerabilities fixed in this release. In these notes Adobe admits that "CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier". CVE-2016-1019 is a "type confusion vulnerability" that could lead to code execution.

    Adobe notes that those with auto-updates for Flash enabled should get the update soon. However, that hadn't happened for me, so I headed over to Flash.com to grab the update direct. It was annoying to have to opt out of Adobe's optional offers, which I think of as Adobe monetising its software failures.

    Windows, Macintosh, Linux and ChromeOS users are all urged to update their Flash Player software.
     
  2. Ereric

    Ereric Adept

    That's cool. But, as far as I know, most users get their PCs infected with Cerber when they open a fake invoice or something. Besides, the virus installation implies the user enables a malicious macro. Sysadmins advise disabling macros in MS Word completely to prevent the ransomware invasion. And what would you say about data recovery tools like Data Recovery Pro? The latter is recommended at a range of websites, e.g.
    http://myspybot.com/cerber-virus/. But I see most users are quite pessimistic in their expectations ('All we can do is sit and wait and backup files for some future times.' - that is from bleepingcomputer). Yet they leave no feedback as to whether they have tried any ransom-free workarounds.
     
    Blych13 likes this.
  3. jeezy

    jeezy Adept

    Hi, I'd recommend using ShadowExplorer or Recuva and this guide (http://manual-removal.com/cerber/) in order to restore locked files from shadow copies. ShadowExplorer helped me to restore almost all files infected with Cerber!
    Ereric is right about turning off macros in MS Office, but to be 100% sure I'd also install Malwarebytes Anti-Ransomware or Bitdefender Crypto Ransomware Vaccine.
     