GreenFlash Sundown exploit kit has been repurposed to drop a botnet, cryptominer, and very potent ransomware (all three at once) via drive-by downloads served via website ads. This kit hadn’t been targeted at North America previously but this recent repurposing has been designed to primarily attack English language users in North America.
The biggest mitigations are fully patched Flash & web browsers, safe and careful browsing habits, and being trained in security awareness to learn to avoid clicking links in emails that may be trying to direct you to a site serving the malvertisement.
Also, interesting note – the exploit kit executes a system check to make sure the environment is “desirable” before it fires the main payload, so the same malicious ad may trigger ransomware on one system but not another.
References:
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
