Criminals do not give up, they use Princess to spread Princess ransomware

Employees of Malwarebytes, the anti-virus vendor from across the Atlantic, came across this malicious campaign. To distribute the new Princess ransomware (aka PrincessLocker), cybercriminals use the RIG Exploit Kit, a tool that automates fingerprinting of the victim's system and installed software and matches an exploit to a vulnerable application. In this case, the targets are old Internet Explorer versions 6 to 10, with vulnerabilities CVE-2013-2551, CVE-2014-6332, CVE-2015-2419 and CVE-2016-0189, and the Adobe Flash Player browser plug-in (vulnerability CVE-2015-8651). Vulnerable users who reach an infected site (the so-called landing page) without sufficient protection automatically become victims of Princess ransomware:


Message about encrypting files.

Website with payment in the Tor network.

Looking at the vulnerabilities behind the CVE identifiers listed above, it can be seen that owners of Windows 10 are immune to this particular attack: the exploits used do not apply to IE version 11. However, users of older systems, mainly Windows XP and Windows 7, may have reason to worry.
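To find out which machines on a network still browse with the targeted Internet Explorer versions, the User-Agent strings in proxy logs can be checked. The sketch below is an added example, not code from Malwarebytes or AVLab; the log layout and sample lines are constructed, and it goes slightly beyond the article by using the Trident token so that IE 11 in Compatibility View (which reports MSIE 7.0) is not flagged by mistake.

```python
import re
from collections import defaultdict

# IE versions the article lists as targeted by this campaign (6 through 10).
TARGETED_IE = range(6, 11)

# Trident engine token -> real IE version. IE 8+ sends it even in
# Compatibility View, where the MSIE token is downgraded to 7.0.
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11}

MSIE_RE = re.compile(r"\bMSIE (\d+)\.")
TRIDENT_RE = re.compile(r"\bTrident/(\d+\.\d+)")
# Assumed log layout: client IP, then the User-Agent in double quotes.
LINE_RE = re.compile(r'^(\S+)\s+"([^"]*)"\s*$')

def ie_version(user_agent):
    """Return the real IE major version, or None if the UA is not IE."""
    trident = TRIDENT_RE.search(user_agent)
    if trident and trident.group(1) in TRIDENT_TO_IE:
        return TRIDENT_TO_IE[trident.group(1)]
    msie = MSIE_RE.search(user_agent)
    return int(msie.group(1)) if msie else None

def exposed_clients(log_lines):
    """Map client IP -> set of targeted IE versions seen from it."""
    hits = defaultdict(set)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        version = ie_version(m.group(2))
        if version in TARGETED_IE:
            hits[m.group(1)].add(version)
    return dict(hits)

# Constructed sample lines (not from the article).
SAMPLE_LOG = [
    '10.0.0.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"',
    '10.0.0.12 "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '10.0.0.13 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"',
    '10.0.0.14 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"',
    '10.0.0.15 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '10.0.0.16 "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"',
]

if __name__ == "__main__":
    for ip, versions in sorted(exposed_clients(SAMPLE_LOG).items()):
        print(ip, "runs targeted IE version(s):", sorted(versions))
```

The User-Agent does not reveal the installed Flash Player version, so exposure to CVE-2015-8651 has to be checked from software inventory instead.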

How to protect yourself?

Being vigilant and visiting only trusted sites is not enough to protect yourself. These "trusted" websites can be hacked: just as over 1,000 Polish websites infected visitors' computers with malicious software (including that of one user of a known antivirus forum), and just as the knf.gov.pl website infected the computers of visiting employees of public institutions (mainly banks), so in this case the user's computer can be infected.

The most reasonable and cheapest form of protection is a script-blocking browser add-on (NoScript). The problem with this add-on, however, is that adding a known and liked website to the list of exclusions will not do anything if criminals get into it and attach a malicious


