Massive Ransomware Attack On Israeli Websites Foiled
The incident took place on Saturday, March 2, when hackers tried to plant ransomware on over one million Israeli web pages, in a bid to lock users out until they paid a ransom. The plan did not go as expected and was thwarted. Nevertheless, the hackers managed to deface many web pages with the words “Jerusalem is the capital of Palestine.”
Among the affected sites were the McDonald's Israel branch and the news websites of Makor Rishon and Calcalist. To execute their plan, the hackers used Nagich, a Hebrew website that provides services to people with reading disabilities. Israeli cyber-security experts say that the hackers used the Nagich widget to embed malicious code on thousands of Israeli websites. Several websites were rendered unusable for about an hour.
At first, the code would deface the website with a message that read “#OpJerusalem, Jerusalem is the capital of Palestine,” and then would initiate an automatic download for a Windows file named “flashplayer_install.exe,” a file tainted with ransomware.
Nevertheless, things didn’t go as the hackers planned. While they could deface thousands of web pages, the file download did not start due to a coding mistake. It was found that the code would stop working after the defacement if the OS string was anything other than “Windows.”
The error occurred because there is no user-agent string of “Windows” alone: browser user-agent strings also include the Windows version number, such as “Windows XP” or “Windows 10.”
Nagich was alerted about the attack, and they were able to close the breach used by the hackers in 20 minutes.
While the damage from the attack was minimal, experts believe that over one million pages could have been affected.
Yuval Adam was the first to discover the attack, and according to him, “the true goal of the attack was to block thousands of Israelis from accessing system” unless they paid a ransom. He cited “incredible negligence, about which warnings have been sounded in the recent past,” for the attack.
Ran Bar-Zik, a senior software developer at Verizon Media, blamed both Nagich and the clients for failing to take basic actions to protect against this sort of attack.
The cyber-attack is under investigation.