If these universities had run an ad blocker they might have been saved from ransomware attack

Are you running an ad blocker yet?

If these universities had run an ad blocker they might have been saved from ransomware attack

Earlier this month a number of British universities, including University College London and Ulster University reported that their systems had been hit hard by a ransomware attack.

Although initially it was thought likely that the attacks had entered the universities’ servers via poisoned emails (it’s very normal to see ransomware being spread via malicious email attachments), it transpires that the actual vector for infection was malvertising instead.

More details can be found in this technical article by researchers at Proofpoint, who believe that an AdGholas drive-by malvertising campaign helped infect the universities with the Mole ransomware, taking advantage of an exploit kit.

Sign up to our free newsletter.
Security news, advice, and tips.

Mole ransomware message

Malvertising – or malicious advertising – see poisoned adverts placed on legitimate websites. You surf to the website on a vulnerable computer, and you could have your computer infected just by browsing the page containing the ad. It’s important to realise that you don’t need to click on a malicious ad to be infected by it.

Many sites, including some very famous ones, have suffered from malvertising being used to spread attacks to their visitors in the past – and it seems that advertising networks continue to struggle to keep poisoned ads out of their stream.

My answer to this? Well, obviously you should keep your computers up-to-date with security patches and the latest anti-virus software, but you should also strongly consider running an ad blocker.

An ad blocker will prevent ads from appearing in your browser. It means that your browsing will not only be faster and more private (unscrupulous advertisers are known to track your movements online), but also safer.

Of course, running an ad blocker doesn’t help those sites which are trying to earn a buck through the ads that they plaster over their sites. If you want to support the sites you love, investigate whether you can help it in other ways – such as paying a subscription which offers no ads, or encourage companies to sponsor the site.

Until advertising networks manage to clean up their act, and stop distributing ads that are put our privacy and security at risk, I can’t advocate anyone going on the internet without an ad blocker.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “If these universities had run an ad blocker they might have been saved from ransomware attack”

  1. drsolly

    Until the ad agencies find a way to eliminate malvertising, an increasing number of people will be running ad blockers. And I don't see any ad agency announcing any actions.

  2. Rob

    Agree! We have deployed Adblock Plus via their free "large scale deployment" program for sys admins, and it worked really well

  3. Crawdad

    Adblockers aren't a security tool. They may stop an ad from complete rendering, but in some situations the code executes (w/o seeing the creative) and plenty of companies pay to have their ads whitelisted. For fun, I take screenshots of ads rendering when ABP is turned on. Good times.

  4. Mark Jacobs

    The poll is not working. I get this error :-

    Uncaught Error: Syntax error, unrecognized expression: #dyamar_poll_https://grahamcluley.com/universities-run-ad-blocker-might-saved-ransomware-attack/# .dyamar-poll-content
    at Function.fa.error (jquery.js:2)
    at fa.tokenize (jquery.js:2)
    at fa.select (jquery.js:2)
    at Function.fa (jquery.js:2)
    at Function.a.find (jquery-migrate.min.js:1)
    at n.fn.init.find (jquery.js:2)
    at n.fn.init.a.fn.find (jquery-migrate.min.js:1)
    at a.fn.init.n.fn.init (jquery.js:2)
    at a.fn.init (jquery-migrate.min.js:1)
    at n (jquery.js:2)

    1. Graham CluleyGraham Cluley · in reply to Mark Jacobs

      Odd. It was working for me when I first published the article. I will remove the poll from this article until I have managed to investigate further. Thanks

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.