Adobe has just issued an emergency update to its widely used Flash software in order to patch a security flaw that was being exploited to deliver ransomware to Windows users, Reuters is reporting. The company has also urged more than 1 billion users of Flash to update the product as quickly as possible on all platforms, including Windows, Mac, Chrome and Linux.
Security researchers say that the bug was being exploited in “drive-by” attacks that infect computers with ransomware when tainted websites are visited. Security software maker Trend Micro said that it had warned Adobe that it had seen attackers exploiting the flaw to infect computers with a type of ransomware known as ‘Cerber’ as early as March 31. Cerber “has a ‘voice’ tactic that reads aloud the ransom note to create a sense of urgency and stir users to pay,” Trend Micro said on its blog
Adobe’s new patch fixes a previously unknown security flaw. Such bugs, known as “zero days,” are highly prized because they are harder to defend against since software makers and security firms have not had time to figure out ways to block them. They are typically used by nation states for espionage and sabotage, not by cyber criminals who tend to use widely known bugs for their attacks.
Ransomware schemes have boomed in recent months, with increasingly sophisticated techniques and tools used in such operations.
For those who aren’t aware, ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.