Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Toys

US Toy Maker Maisto's Website Pushes Ransomware (pcworld.com) 26

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption toolto add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.
This discussion has been archived. No new comments can be posted.

US Toy Maker Maisto's Website Pushes Ransomware

Comments Filter:
  • The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

      So, only the stupid users then.

    • Re:Who's affected? (Score:5, Insightful)

      by An dochasac ( 591582 ) on Friday April 29, 2016 @11:45AM (#52013817)

      The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

      So, only the stupid users then.

      And your arrogance ^ my friend, is the root of the problem. If we in the IT community are so much smarter than end users, why was telnet, ftp, smtp, http, Microsoft Windows, IoT... all designed without even the most basic considerations for security? Shouldn't an information appliance be designed so that a child, grandmother, astronaut or household pet be able to "click on" or view anything without damaging the information appliance, leaking personal details, joining a botnet.

      The scum and script kiddies who write the ransomware are not rocket scientists. They're simply vandalizing a cyber-society where front and back doors are left unlocked. If we built cities as we build software, the first woodpecker would destroy civilization.

      • It's not arrogance, it's knowledge. I do try to educate people around me about removing Flash, Adobe Reader, Silverlight and using another browser than Internet Explorer because they're insecure. But if they don't listen because "website XYZ requires it" then there's nothing more I can do about it.

    • I am sure your plumber, electrician, mechanic etc think the same of you.

  • "...the latest victim being U.S. toy maker Maisto"

    "Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. "

    For real ransomware that's not just a toy, go to a web site of a durable-goods manufacturer.

  • What do people really expect, visiting such seedy and nefarious parts of the internet like the official website of a toy producer.

  • Corrected title for accuracy ..

Some people claim that the UNIX learning curve is steep, but at least you only have to climb it once.

Working...