09 Dec

New AnteFrigus Ransomware Being Distributed Through Malvertising

In an ever-changing business ecosystem, the need for cybersecurity is essential, as every computer system has security vulnerabilities. These weaknesses usually exist in WiFi networks, the servers that host our email accounts and banking information, the online retailers that we do business with, the devices that we use and wear, and many other areas that we would least expect.

Technology continues to evolve, permeating our day-to-day life more than ever before. We, as business owners, need to ward off threats lest they bring us to a halt. Among the latest dangers is an unusual ransomware, dubbed “AnteFrigus,” that is being distributed through malvertising – a fairly new methodology that involves injecting malware into online advertising networks and webpages. Working silently in the background, this latest vector is extremely difficult to combat. It employs an infection tactic that does not target the primary system “C:” drive like most viruses. Instead, the ransomware only targets drives “D:” through “Z:,” which are commonly associated with removable devices and mapped network volumes.

Example of a ransom demand created by AnteFrigus malware

AnteFrigus will redirect users to the RIG exploit kit, which is used by cybercriminals to infect and exploit commonly installed software like Java and Adobe Flash. While not encrypting the “C:” drive is odd, it’s common for businesses to save their data on removable media and network-mounted volumes. Once AnteFrigus has infected the victim’s machine, it will start to encrypt files on the targeted volumes if they have specific file extensions.

AnteFrigus will then create ransom notes that contain a link to the ransom payment site and list the ransom amount and the address for sending the payment. In a recent test on a “honeypot” machine (built to be deliberately infected with AnteFrigus), the ransom was set at USD $1,995, an amount that increased to $3,990 after four days. Experts are taking a more in-depth look into this unusual ransomware due to its strange behavior, after learning that it will not encrypt any files that contain specific strings.
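Because this family leaves C: alone and goes after D: through Z:, a cheap early-warning control is a decoy file planted on every non-system volume and checked on a schedule. The following is an added example written for this post, not code from the article or from any vendor; the canary file name and contents are assumptions, and the volume scan assumes Windows drive letters.

```python
"""Canary-file check for the non-system volumes AnteFrigus targets.

Added defensive example (not from the article): plant a small decoy file on
every volume other than C: (D: through Z:, including mapped network drives)
and periodically verify its hash. A missing or altered decoy is an early sign
that something is encrypting or renaming files on those volumes.
"""
import hashlib
import string
from pathlib import Path

CANARY_NAME = "_canary_do_not_touch.docx"   # assumed name; any name will do
CANARY_BODY = b"canary " * 64               # constructed decoy content


def candidate_volumes(letters=string.ascii_uppercase[3:]):
    """Yield roots D:\\ .. Z:\\ that currently exist (removable or mapped)."""
    for letter in letters:
        root = Path(f"{letter}:\\")
        if root.exists():
            yield root


def plant_canaries(roots):
    """Write the decoy on each root; return {path: sha256 of the original}."""
    baseline = {}
    for root in roots:
        path = Path(root) / CANARY_NAME
        path.write_bytes(CANARY_BODY)
        baseline[str(path)] = hashlib.sha256(CANARY_BODY).hexdigest()
    return baseline


def check_canaries(baseline):
    """Return [(path, reason)] for canaries that are missing or altered."""
    alerts = []
    for path_str, expected in baseline.items():
        path = Path(path_str)
        if not path.exists():
            # deleted, or renamed (e.g. given a new extension by the encryptor)
            alerts.append((path_str, "missing"))
            continue
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        if actual != expected:
            alerts.append((path_str, "modified"))  # contents overwritten
    return alerts


if __name__ == "__main__":
    # Run once to plant, then re-run check_canaries(baseline) on a schedule.
    baseline = plant_canaries(candidate_volumes())
    for path, reason in check_canaries(baseline):
        print(f"ALERT {reason}: {path}")
```

Planting on the root of a mapped share needs write access there; on a real deployment persist the baseline dictionary off-host so the check survives the volume being encrypted.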

Trying to protect against what you can’t see is not easy, especially when attempting to keep up with cyber-criminal threats as they evolve and become more relentless than ever. Without proactive monitoring or access controls, standard preventive measures will never be 100% effective. SMBs must now rethink their approach to security, starting with their outer perimeter, making it more secure and functional to increase the likelihood that it will prevent such breaches and keep the organization safe. At this time, it is not known if AnteFrigus has any weakness, or if it can be effectively thwarted. However, there are preventive measures and several precautions that can be taken to reduce the chances of getting infected by these malicious ads and web pages. With the right partners and platforms, common-sense steps, tips, and solutions, protecting your business from cyber-threats can be an achievable goal.