Israel Just Escaped a Ransomware Attack

March 17, 2019 | Simeon Georgiev

Cybercriminals were just handed a defeat in Israel. A recent cyberattack failed when a plan to hit Israeli citizens with a ransomware strain was thwarted. Initial reports suggest that the attack originated from Palestine.

Earlier, on 2nd March 2019, cybercriminals exploited the DNS data belonging to Nagich, a web service that offers an accessibility widget. The widget is known to be embedded on hundreds and thousands of websites in Israel, where it assists individuals with reading disabilities in reading online content.

Local Israeli cybersecurity analysts, who were involved in the ransomware removal, believe that the cybercriminals were able to get into Nagich and then planted malicious code in it. Websites affected by the ransomware displayed a pro-Palestinian message stating “#OpJerusalem, Jerusalem is the capital of Palestine”. Once the message had been displayed, the hackers wanted to start the download of a file containing their malicious components. The file, titled “flashplayer_install.exe”, was corrupted with ransomware.

The hackers may have rejoiced at their infiltration, but they were soon dealt a setback. The message did run, and numerous websites showed it. However, the hackers could not move ahead because of their subpar programming skills.

This meant that their intended file download could never begin. The fact that such a component existed at all only came to light when cybersecurity analysts reviewed the code of the ransomware.

According to a cybersecurity expert, the failure was caused by a coding error. The code was expected to stop after the message was displayed, and the download would begin only if it identified a “Windows” string from the website, so that only Windows operating systems would be affected.

Since there is no OS string that reads “Windows” alone, and the actual strings also contain the version name, as in “Windows 10”, the code did not work. As a result, whenever the code ran, the “if” statement remained true, which in turn stopped the download from initiating.

Cybersecurity experts also identified the file that the virus was expected to download; it contained a standard ransomware strain of the kind known to paralyze computer systems and encrypt data.

Luckily for the Israeli digital space, the need for ransomware removal and recovery did not arise. However, the failed attack has highlighted a worrying trend: nation-backed attacks are increasing at an alarming rate. In the past few years, ransomware attacks have continuously gathered support from some countries that plan to take the fight from the conventional battlefield to online circles.
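For site operators who embed a third-party widget like the one in this incident, the sketch below shows one way to notice a swapped script: compare the fetched body against a pinned Subresource Integrity hash and scan it for the two strings reported above. It is an added example, not code from the article or from Nagich; the function names, the pinning workflow and both sample script bodies are assumptions constructed for illustration.

```python
import base64
import hashlib

# Indicators taken from the article: the defacement text and the dropped file name.
INDICATORS = ("#OpJerusalem", "flashplayer_install.exe")


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384-<base64>) for a script body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def check_widget(body: bytes, pinned_sri: str) -> dict:
    """Compare a fetched widget script with its pinned hash and scan for indicators."""
    text = body.decode("utf-8", errors="replace").lower()
    hits = [i for i in INDICATORS if i.lower() in text]
    matches = sri_sha384(body) == pinned_sri
    return {
        "hash_matches": matches,
        "indicator_hits": hits,
        # Either signal alone is enough to raise an alert.
        "tampered": (not matches) or bool(hits),
    }


# Constructed sample data (assumption): a stand-in for the legitimate widget
# script and for the content served after the script was replaced.
KNOWN_GOOD = b"/* accessibility widget, constructed sample */\nfunction initWidget() {}\n"
REPLACED = (
    b"/* constructed sample of a replaced script */\n"
    b"/* shows: #OpJerusalem, Jerusalem is the capital of Palestine */\n"
    b"/* references: flashplayer_install.exe */\n"
)

# Hash recorded while the widget was known to be good (hypothetical workflow).
PINNED = sri_sha384(KNOWN_GOOD)

if __name__ == "__main__":
    for name, body in (("known-good", KNOWN_GOOD), ("replaced", REPLACED)):
        print(name, check_widget(body, PINNED))
```

The same `sha384-...` value can be placed in the `integrity` attribute of the `<script>` tag so that browsers refuse a body that no longer matches, provided the widget vendor serves a versioned, stable file.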

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]