FessLeak - a new malvertising campaign to distribute ransomware

Security specialists have recently noticed the emergence of a new malvertising campaign. It has been given the name FessLeak because the domains used in the attack were registered to the email address fessleak@qip.ru. Judging by this email address, the campaign appears to originate from Russia. If you wonder what the Russian cyber criminals behind it are after, their main aim is to deliver a ransomware infection. Various ransomware infections exist and might enter your system; however, there is no doubt that CryptoLocker is the one that will appear on your computer if you fall into these cyber criminals’ traps.

If you are interested, here is how this malvertising campaign works. Researchers have found that the cyber criminals first set up a “burner” domain, which points to a landing page built to serve ransomware. Research has shown that malicious advertisements take users to this burner domain and then on to the final landing page. The ads might appear on various popular websites, for instance Huffingtonpost.com, Photobucket.com, RT.com, and others, so hundreds of computer users might fall victim to this malvertising campaign. If you ever find that you cannot open any of your files and a warning message on your screen states that your files have been encrypted, there is no doubt that the ransomware has managed to enter your system as well.

The FessLeak malvertising campaign is novel in the sense that no malicious file is “dropped” onto the disk. It has been revealed that the malicious software is loaded into the system’s memory and then unpacked using extrac32.exe, the cabinet extraction tool that ships in the Windows System32 folder. What is more, the specialists at spyware-techie.com believe that the ransomware distributed through this campaign can protect itself against virtual containers, the sandboxes that researchers and automated analysis software use to isolate and examine malicious software.
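Because the payload never touches the disk, the most reliable host-side artefact is the process chain itself: a browser (or its plugin host) spawning the extrac32.exe cabinet tool. The following detection sketch is an added example, not code from the original article; it runs over constructed Sysmon-style process-creation records, and the list of browser parent processes and the log line format are assumptions for illustration.

```python
import re
from typing import Dict, List

# Constructed, simplified Sysmon-style process-creation records (not real telemetry).
SAMPLE_LOG = r"""
2015-02-06 10:01:12 EventID=1 ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\extrac32.exe CommandLine="extrac32.exe /Y drivers.cab C:\temp"
2015-02-06 10:02:45 EventID=1 ParentImage=C:\Program Files\Internet Explorer\iexplore.exe Image=C:\Windows\System32\extrac32.exe CommandLine="extrac32.exe /Y C:\Users\u\AppData\Local\Temp\a.cab C:\Users\u\AppData\Local\Temp"
2015-02-06 10:03:01 EventID=1 ParentImage=C:\Program Files\Mozilla Firefox\firefox.exe Image=C:\Program Files\Mozilla Firefox\plugin-container.exe CommandLine="plugin-container.exe"
2015-02-06 10:03:02 EventID=1 ParentImage=C:\Program Files\Mozilla Firefox\plugin-container.exe Image=C:\Windows\System32\extrac32.exe CommandLine="extrac32.exe /Y C:\Users\u\AppData\Local\Temp\b.cab C:\Users\u\AppData\Local\Temp"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) EventID=1 ParentImage=(?P<parent>.+?) '
    r'Image=(?P<image>.+?) CommandLine="(?P<cmd>.*)"$'
)

# Assumed set of browser / plugin-host processes; extrac32.exe has no
# legitimate reason to be their child.
BROWSER_PARENTS = {"iexplore.exe", "firefox.exe", "chrome.exe", "plugin-container.exe"}


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def flag_extrac32_from_browser(log_text: str) -> List[Dict[str, str]]:
    """Return the records where extrac32.exe was spawned by a browser process."""
    hits = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        parent, image, cmd = m["parent"], m["image"], m["cmd"]
        if basename(image) != "extrac32.exe" or basename(parent) not in BROWSER_PARENTS:
            continue  # e.g. an administrator running extrac32 from explorer.exe
        hits.append({
            "timestamp": m["ts"],
            "parent": basename(parent),
            # Unpacking into a user-writable temp directory is a further clue.
            "temp_target": str("\\appdata\\local\\temp" in cmd.lower()),
        })
    return hits


if __name__ == "__main__":
    for hit in flag_extrac32_from_browser(SAMPLE_LOG):
        print(hit)
```

The explorer.exe record is deliberately left unflagged so the rule keys on the parent process rather than on extrac32.exe alone, which has legitimate administrative uses.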

If you become a victim of this malvertising campaign, you will find that your files have been encrypted and that you are asked to pay a particular sum of money in Bitcoins. Even so, you should not pay, because there is basically no doubt that the cyber criminals will not give you the key to decrypt your files. Luckily, it is possible to recover files from a backup (e.g. a USB flash drive).

In non-techie terms:

We do not think that you want to end up with malicious software; thus, we highly recommend installing a trustworthy antimalware tool on your PC. There is no doubt that it will reduce the possibility of encountering malicious software. Keep in mind that only trustworthy tools can protect your PC from malware, so you should install SpyHunter or a similar reliable tool.