Since Skype is a free service for consumers, it generally has to rely on advertising to turn a profit. As a result, most users regularly see banner ads on the video calling interface. Recently, hackers have begun to exploit these advertisements by distributing fake ads that contain ransomware. If you’re an avid Skype user, here’s what you need to know about the attack.
Initial reports found that the fake Skype ad was disguised as a critical Flash update. Clicking on the ad triggers a download of a seemingly innocuous HTML application named “FlashPlayer.hta”. If opened, the app would download malicious code that encrypts the victim’s files and holds them hostage until a ransom is paid.
According to security experts, hackers were obfuscating malicious code in the fake ads, which helped the ransomware evade detection from common antivirus tools. Many other users in the past have encountered similar Skype ads, but this is one of the first few scams that delivers ransomware.
To protect yourself against this ransomware you need to do the following:
- Be critical - you must be careful of opening suspicious ads and links from Skype -- or any content off the internet for that matter. Before you click on a link, hover over it to see where it leads. Unsolicited emails with links and downloadable files should also be avoided unless you’re certain it’s coming from a credible source.
- Download only from trusted sources - just like the tip mentioned above, make sure the software you download are from trustworthy app stores. In this case, Adobe Flash plugins should be downloaded directly from the official site, not from random ads.
- Install security software - strong antivirus, intrusion prevention systems, and other cybersecurity solutions can detect and block ransomware before it makes your entire system unusable.
- Invest in backups - storing your data in multiple cloud-hosted data centers will help you recover critical files should ransomware manage to infect your local computers.
Skype is the last place you’d expect a hacker to turn up, but if you don’t account for all possible vulnerabilities -- including security flaws in your VoIP solution -- your business has a bleak future. Contact us to protect your VoIP, your cloud, and your business today.