Skip to main content

Flash: Adobe issues emergency update after ransomware attacks

adobe flash logo
Image used with permission by copyright holder
Check your Web browser is running the latest version of Flash. And do it now.

Adobe has issued a global alert to computer users around the world warning of a serious security flaw that leaves machines open to ransomware attacks. The company is urging all users to update to the most recent version of the software, which it rolled out Thursday, as soon as possible.

Ransomware locks a user out of their machine until they pay a sum of money to the hacker behind the attack. A user’s machine can be tricked into installing the malicious software after visiting an infected website.

Hackers are said to be using the Nuclear and Magnitude exploit kits to spread ransomware such as Cerber. DT reported on Cerber last month, though researchers only recently discovered how a flaw in Flash can be used to deliver the ransomware, hence Adobe’s response on Thursday.

Rather creepily, Cerber takes control of Windows’ text-to-speech engine to let a user know, out loud, that their computer has been hijacked. The message says, “Attention! Attention! Attention! Your documents, photos, databases, and other files have been encrypted.” In the case of Cerber, victims have reportedly been told to pay $500 to regain access to their files.

Adobe has in the last few hours posted information about cross-platform Flash updates that “address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”  There’s a lot of information on the page, but the main point is to ensure you have the latest version of Flash on your machine. You can do this by hitting this Adobe page via each of the browsers you use (updates may be auto-installing for one browser but not another) to make sure the software is up to date.

Ransomware is becoming an increasing problem for not only individual computer users, but businesses too, where the ransom demands are likely to be far higher. In February, for example, ransomware landed on the systems of a Hollywood hospital, locking staff out of computers holding important patient information as well as other data.

Hackers reportedly demanded $3.4 million to restore access. The hospital said it refused to pay such a large amount, though admitted it ended up handing over $17,000 in bitcoins to resolve the matter.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Travelex reportedly paid millions to hackers after ransomware attack
worlds largest retail currency dealer hit by ransomware attack travelex

Travelex reportedly paid hackers $2.3 million to regain access to its own computer systems after they were compromised in a ransomware attack that was discovered on New Year’s Eve.

Ransomware is malicious software that locks a computer system by encrypting files. Once locked, hackers demand payment from the owner of the system in return for a decryption key to regain access to the data.

Read more
Hackers demand $6M from largest retail currency dealer in ransomware attack
worlds largest retail currency dealer hit by ransomware attack travelex

Travelex is currently dealing with a ransomware attack that’s forced the company to suspend its online services.

Ransomware locks computer systems by encrypting files, with hackers then demanding payment in exchange for a decryption key. In the case of Travelex, hackers are ordering the London-based firm to cough up cash not only for the decryption key, but also to prevent the publication of various customer data that includes payment card information, the Financial Times reported on Tuesday, January 7.

Read more