Earlier this month a number of British universities, including University College London and Ulster University, reported that their systems had been hit hard by a ransomware attack.
Although initially it was thought likely that the attacks had entered the universities’ servers via poisoned emails (it’s very normal to see ransomware being spread via malicious email attachments), it transpires that the actual vector for infection was malvertising instead.
More details can be found in this technical article by researchers at Proofpoint, who believe that an AdGholas drive-by malvertising campaign helped infect the universities with the Mole ransomware, taking advantage of an exploit kit.
Malvertising – or malicious advertising – sees poisoned adverts placed on legitimate websites. You surf to the website on a vulnerable computer, and you could have your computer infected just by browsing the page containing the ad. It’s important to realise that you don’t need to click on a malicious ad to be infected by it.
Many sites, including some very famous ones, have suffered from malvertising being used to spread attacks to their visitors in the past – and it seems that advertising networks continue to struggle to keep poisoned ads out of their stream.
My answer to this? Well, obviously you should keep your computers up-to-date with security patches and the latest anti-virus software, but you should also strongly consider running an ad blocker.
An ad blocker will prevent ads from appearing in your browser. It means that your browsing will not only be faster and more private (unscrupulous advertisers are known to track your movements online), but also safer.
Of course, running an ad blocker doesn’t help those sites which are trying to earn a buck through the ads that they plaster over their sites. If you want to support the sites you love, investigate whether you can help them in other ways – such as paying a subscription which offers no ads, or encouraging companies to sponsor the site.
Until advertising networks manage to clean up their act, and stop distributing ads that put our privacy and security at risk, I can’t advocate anyone going on the internet without an ad blocker.
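To make the mechanism concrete, here is an added illustration (not code from this article or from any ad blocker project) of how a filter-list blocker decides, per request, whether an ad script is ever fetched. It implements only a simplified subset of Adblock Plus-style syntax (`||host^` block rules and `@@` exception rules); every hostname and rule is constructed.

```javascript
// Simplified subset of Adblock Plus-style filter syntax (assumption: only
// "||host^" and "@@||host^" rules are supported). All rules are constructed.
const FILTERS = [
  "||adnetwork.example^",              // block this domain and its subdomains
  "||tracker.example^",
  "@@||acceptable.adnetwork.example^", // exception (allow-listed) rule
];

// Parse rule strings into { host, exception } objects; reject anything else.
function parseFilters(lines) {
  return lines.map((line) => {
    const exception = line.startsWith("@@");
    const body = exception ? line.slice(2) : line;
    const m = /^\|\|([a-z0-9.-]+)\^$/i.exec(body);
    if (!m) throw new Error(`unsupported filter: ${line}`);
    return { host: m[1].toLowerCase(), exception };
  });
}

// True when hostname equals ruleHost or is a subdomain of it. Matching on a
// label boundary stops "notadnetwork.example" matching "adnetwork.example".
function hostMatches(hostname, ruleHost) {
  return hostname === ruleHost || hostname.endsWith("." + ruleHost);
}

// Decide the fate of one outgoing request before the browser fetches it.
// A blocked request is never made, so the ad's code never runs and no click
// is involved. An exception rule overrides any matching block rule.
function decide(requestUrl, rules) {
  const host = new URL(requestUrl).hostname.toLowerCase();
  const hits = rules.filter((r) => hostMatches(host, r.host));
  if (hits.some((r) => r.exception)) return "allow";
  return hits.length > 0 ? "block" : "allow";
}

const RULES = parseFilters(FILTERS);
const REQUESTS = [ // constructed requests made while loading one page
  "https://news.example/style.css",
  "https://cdn.adnetwork.example/banner.js",
  "https://acceptable.adnetwork.example/ad.js",
  "https://notadnetwork.example/lib.js",
];
for (const url of REQUESTS) {
  console.log(decide(url, RULES).padEnd(6), url);
}
```

The third request shows the limit of this protection: anything covered by an exception rule, or served from a host not on the list, still loads, which is why patching remains necessary alongside blocking.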
5 comments on “If these universities had run an ad blocker they might have been saved from ransomware attack”
Until the ad agencies find a way to eliminate malvertising, an increasing number of people will be running ad blockers. And I don't see any ad agency announcing any actions.
Agree! We have deployed Adblock Plus via their free "large scale deployment" program for sys admins, and it worked really well
Adblockers aren't a security tool. They may stop an ad from completely rendering, but in some situations the code executes (w/o seeing the creative) and plenty of companies pay to have their ads whitelisted. For fun, I take screenshots of ads rendering when ABP is turned on. Good times.
The poll is not working. I get this error :-
Uncaught Error: Syntax error, unrecognized expression: #dyamar_poll_https://grahamcluley.com/universities-run-ad-blocker-might-saved-ransomware-attack/# .dyamar-poll-content
at Function.fa.error (jquery.js:2)
at fa.tokenize (jquery.js:2)
at fa.select (jquery.js:2)
at Function.fa (jquery.js:2)
at Function.a.find (jquery-migrate.min.js:1)
at n.fn.init.find (jquery.js:2)
at n.fn.init.a.fn.find (jquery-migrate.min.js:1)
at a.fn.init.n.fn.init (jquery.js:2)
at a.fn.init (jquery-migrate.min.js:1)
at n (jquery.js:2)
Odd. It was working for me when I first published the article. I will remove the poll from this article until I have managed to investigate further. Thanks