In case you haven’t heard yet, Adobe has issued a warning to Flash users about a major security flaw. The flaw has allowed hackers to drive ransomware to Windows PCs. The hack has been happening all week causing Adobe to urge Mac, PC, Chrome, and Linux users to update Flash as soon as possible to prevent the hack from happening.
How the Attacks Happen
Adobe is labeling these attacks as ‘drive by attacks’ that happen randomly whenever a Flash user visits a sketchy website. Once the sites have been visited, hackers target a computer running an older version of Flash. The hackers are ‘ransom hackers,’ which means that systems are hijacked for money.
When someone visits a website that is vulnerable, hackers tap into Flash and then freeze a system until users offer up a specific amount of money. Ransom ranges from $200 to $600. Once systems come under attack, users cannot use that system again until money has been sent. Those that have been victims of this attack have already paid large amounts of money in ransom.
Adobe has stated that the only way to avoid this hack is to update Flash. Unfortunately, a number of people are still using older versions of Flash, which means that many Flash users are still vulnerable. The hackers are using a voice program called Cerber that creates a sense of urgency when systems are attacked.
Cerber reads the ransom note out loud and creates urgent noises - this obviously causes a large amount of panic. Hacks like this one are not rare, but they often attain the goal of getting many people to pay a ransom price. Adobe is working on fixing the problem, but it will be some time still before the company is able to do so.
Ransomware hacks like this one have boomed over the past few years and months. Companies are fixing holes in software but those fixes really only leave more holes open to hackers. It’s a vicious cycle that often ends in large amounts of money being paid to ransomers. This Flash hack has already caused a lot of problems and will continue to do so until it has been completely fixed.
As far as which websites hackers are using to target Flash users, that’s a different story. Currently, it’s somewhat random, so it’s hard to warn people not to visit certain sites. However, sites that are not secure should not be visited as a general rule. Typically, sites that are not secured are the same sites that hackers use to target others. Keep in mind that once your system has been hacked, it’s impossible to back out of.
What to Do
The best thing to do here is to make sure that you are running a current version of Flash. If you’re running an older version and visit some sites that are not secure, you can be that your system will be under attack quickly. Adobe is working on fixing this issue.