Check your Web browser is running the latest version of Flash. And do it now.
Adobe has issued a global alert warning computer users of a serious security flaw that leaves machines open to ransomware attacks. The company is urging all users to update as soon as possible to the most recent version of the software, which it rolled out Thursday.
Ransomware locks a user out of their machine until they pay a sum of money to the hacker behind the attack. A user’s machine can be tricked into installing the malicious software after visiting an infected website.
Hackers are said to be using the Nuclear and Magnitude exploit kits to spread ransomware such as Cerber. DT reported on Cerber last month, though researchers only recently discovered how a flaw in Flash can be used to deliver the ransomware, hence Adobe’s response on Thursday.
Rather creepily, Cerber takes control of Windows’ text-to-speech engine to let a user know, out loud, that their computer has been hijacked. The message says, “Attention! Attention! Attention! Your documents, photos, databases, and other files have been encrypted.” In the case of Cerber, victims have reportedly been told to pay $500 to regain access to their files.
Adobe has in the last few hours posted information about cross-platform Flash updates that “address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.” There’s a lot of information on the page, but the main point is to ensure you have the latest version of Flash on your machine. You can do this by hitting this Adobe page via each of the browsers you use (updates may be auto-installing for one browser but not another) to make sure the software is up to date.
Ransomware is a growing problem not only for individual computer users but for businesses too, where the ransom demands are likely to be far higher. In February, for example, ransomware landed on the systems of a Hollywood hospital, locking staff out of computers holding important patient information as well as other data.
Hackers reportedly demanded $3.4 million to restore access. The hospital said it refused to pay such a large amount, though it admitted it ended up handing over $17,000 in bitcoins to resolve the matter.