More than 1billion internet users have been warned to update a key piece of software amid fears it could be used for ransomware attacks. The warning came from Adobe, which makes Flash software widely used in browsers to view moving images. The company said security researchers had detected a bug which was being exploited by cybercrooks to infect computers. It issued an emergency fix for the flaw - known as a zero day bug because it is previously unseen - and advised users on Windows, Mac, Chrome and Linux computers to update immediately.
The deployment of a zero day highlights potential advancement by cyber criminals. We have observed ransomware and crimeware deployed via ‘zero-day’ before; however, it is rare.
Kyrk Storer, FireEye
Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC. Japanese security software maker Trend Micro said that it warned Adobe that it had seen attackers exploiting the flaw to infect computers with a type of ransomware known as Cerber as early as March 31. Cerber “has a 'voice’ tactic that reads aloud the ransom note to create a sense of urgency and stir users to pay,” Trend Micro said.