New Windows ransomware steals passwords before encrypting files

A new password-stealing attack helps hackers to target other sites and services.
Written by Zack Whittaker, Contributor

A new "cocktail" of malware is stealing passwords before locking Windows users out of their machines.

A number of badly secured sites are redirecting visitors to sites that serve up the notorious Angler exploit kit, which helps hackers conduct drive-by attacks on visitors' computers with relative ease.

This kind of attack is especially sneaky as it can be done automatically and without the user's knowledge. Once the exploit kit finds a vulnerable app, such as Flash, the kit delivers its malicious payload.

According to a blog post by Heimdal Security, a widely used data-stealing malware known as Pony "systematically harvests all usable usernames and passwords from the infected system" and sends them to servers controlled by hackers.

This enables hackers to acquire working logins for websites, e-commerce sites, and even corporate applications, from which they could steal further data.

But then the kit drops the widely used CryptoWall 4 ransomware, which locks user files until a ransom is paid.

Ransomware hits thousands every week, and costs users $18 million in losses, according to estimates from the FBI. Other figures suggest the CryptoWall family alone has generated about $325 million in bitcoin ransoms.

One of the best ways to mitigate the attack is to keep apps up-to-date. Backing up files on an external hard drive regularly is also recommended.

Bitdefender has a preemptive "vaccine" that can prevent a machine from becoming infected with the malware.
