{"id":3603,"date":"2022-12-05T11:28:57","date_gmt":"2022-12-05T11:28:57","guid":{"rendered":"https:\/\/www.nebrcentre.co.uk\/?p=3603"},"modified":"2022-12-05T11:28:57","modified_gmt":"2022-12-05T11:28:57","slug":"microsoft-warns-of-hackers-using-google-ads-to-spread-ransomware","status":"publish","type":"post","link":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/microsoft-warns-of-hackers-using-google-ads-to-spread-ransomware\/","title":{"rendered":"Microsoft Warns of Hackers Using Google Ads to Spread Ransomware"},"content":{"rendered":"\n<p>Businesses&nbsp;are often warned&nbsp;to avoid clicking on suspicious spam links and engaging with spam to prevent malicious ransomware from infecting systems; however, cyber criminals are drawing up new ways of preying on their victims.<\/p>\n\n\n\n<p>Microsoft&nbsp;has recently issued a&nbsp;warning&nbsp;to&nbsp;users to be wary of Google ads that lead to fake websites impersonating genuine services such as Zoom and Microsoft Teams and spreading Royal ransomware, a technique known as&nbsp;<a href=\"https:\/\/support.google.com\/admanager\/answer\/181490?hl=en\">\u201cmalvertising.\u201d<\/a><\/p>\n\n\n\n<p>In a statement, the&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/17\/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads\/\">Microsoft Security Threat Intelligence team<\/a>&nbsp;said the ads come with \u201cmalicious files, which are malware downloaders known as BATLOADER, pose as installers or updates for legitimate applications like Microsoft Teams or Zoom.&nbsp;When launched, BATLOADER uses MSI Custom Actions to launch malicious PowerShell activity or run batch scripts to aid in disabling security solutions and lead to the delivery of various encrypted malware payloads that&nbsp;is decrypted and launched with PowerShell commands.\u201d<\/p>\n\n\n\n<p>Once malware gains access to a&nbsp;system, it deploys code that can disable security applications such as anti-virus 
software, and elevate its rights to that of a local admin.&nbsp;With access to a system, ransomware can&nbsp;encrypt files and prevent users from accessing important data, demanding a ransom payment.<\/p>\n\n\n\n<p>In response, Microsoft has upgraded the security on Windows devices to ensure that its anti-virus software is capable of isolating and killing such threats.<\/p>\n\n\n\n<p>To avoid falling victim to malvertising, do not click on suspicious links,&nbsp;and ensure that you visit a reputable source directly rather than via a Google ad&nbsp;before installing&nbsp;reportedly legitimate&nbsp;software.<\/p>\n\n\n\n<p><strong>For further guidance on\u00a0identifying potential phishing and malware attempts, please contact\u00a0<a href=\"mailto:enquiries@nebrcentre.co.uk\">enquiries@nebrcentre.co.uk<\/a><\/strong> <strong>or sign up to our\u00a0<a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/core-membership-sign-up\/\">free core membership\u00a0<\/a>to keep up to date with the latest cyber security matters and keep your business safe online.<\/strong><\/p>\n\n\n\n<p><strong>The&nbsp;<\/strong><a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/\"><strong>NEBRC<\/strong><\/a><strong>&nbsp;is a non-profit organisation that seeks to&nbsp;<\/strong><a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/resources\/\"><strong>educate<\/strong><\/a><strong>, inform, and&nbsp;<\/strong><a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/support\/\"><strong>support<\/strong><\/a><strong>&nbsp;businesses across the UK in identifying&nbsp;<\/strong><strong>cyber threats and staying safe online through strong&nbsp;<\/strong><a href=\"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/services\/\"><strong>cyber security.<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Businesses&nbsp;are often warned&nbsp;to avoid clicking on suspicious spam links and engaging with spam to 
prevent malicious ransomware from infecting systems; however, cyber criminals are drawing&#8230;<\/p>\n","protected":false},"author":1,"featured_media":3604,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-3603","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts\/3603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/comments?post=3603"}],"version-history":[{"count":0,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/posts\/3603\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/media?parent=3603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/categories?post=3603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crcnetwork-cfkr6.projectbeta.co.uk\/northeastcrc\/wp-json\/wp\/v2\/tags?post=3603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}