Cybercriminals were just handed a defeat in Israel. A recent cyberattack failed when a plan to attack Israeli citizens with a ransomware strain was thwarted. Initial reports suggest that the attack originated from Palestine.
Earlier, on 2nd March 2019, cybercriminals exploited the DNS data belonging to Nagich. Nagich is a web service that offers a widget for accessibility. The widget is known to be embedded on hundreds and thousands of websites in Israel where it assists individuals with reading disabilities to read online content.
Local Israeli cybersecurity analysts, who were involved in the ransomware removal, believe that the cybercriminals were able to get into Nagich. Afterwards, they exploited it with malicious code. Websites affected by the ransomware displayed pro-Palestinian messages stating “#OpJerusalem, Jerusalem is the capital of Palestine”. Once the message had been displayed, the hackers wanted to start the download of a file that contained their malicious components. The file, titled “flashplayer_install.exe”, was corrupted with ransomware.
The hackers may have rejoiced at their infiltration, but they were soon dealt a setback. The message did run, and numerous websites showed it. However, the hackers could not move ahead because of their subpar programming skills.
This meant that their intended file download could never begin. The fact that such a component existed at all only came to light when cybersecurity analysts reviewed the code of the ransomware.
According to a cybersecurity expert, the failure occurred because of a coding error. The code was expected to stop after the message was displayed, and the download would begin only if it identified a “Windows” string from the website, so that only Windows operating systems could be affected.
Since there is no OS string consisting of “Windows” alone, and the actual strings also contain the version name, like “Windows 10”, the code did not work. As a result, whenever the code ran, the “if” statement remained true, which in turn stopped the download from initiating.
Cybersecurity experts also identified the file that was expected to be downloaded by the virus. It contained the standard ransomware strain, which is known to paralyze computer systems and encrypt data.
Luckily for the Israeli digital space, the need for ransomware removal and recovery did not arise. However, the failed attack has highlighted a worrying trend: nation-backed attacks are increasing at an alarming rate. In the past few years, ransomware attacks have been continuously gathering support from some countries that plan to take the fight from the conventional battlefield to online circles.