The attack against Israeli users by Ransomware fails miserably because of coding errors

Ransomware Attack
Ransomware Attack

Hackers failed to trigger the download of ransomware because of a code error, but still succeeded in defacing thousands of websites. 

On Saturday, Hackers launched a failed cyber-attack attempting to ransomware infect millions of Israelis.

According to current proof, the attack was carried out by hackers operating from Palestine.

The incident took place on Saturday 2 March, when hackers successfully poisoned Nagich’s DNS records, a web service that provides an accessibility (a11y) widget embedded in thousands of Israel’s web sites for people with reading impairments to gain access.

According to reports by Israeli cyber security experts, hackers automatically embed malicious code on thousands of Israeli websites using Nagich widgets. The code would default the site with a message saying’ #OpJerusalem, Jerusalem is Palestine’ and would then initiate an automatic download for a Windows file named’ flashplayer install.exe,’ which is a file tainted with ransomware.

But for the hackers, things didn’t go as planned. While the defacement message was displayed on thousands of web pages, including some of Israel’s major news sites, the file was not downloaded at all. Researchers only found the code to trigger the file download during the analysis of defacement messages. They said that a coding error prevented any auto-download operation. The error was that malicious code stop after the defacement and not trigger the ransomware download if your OS version is a new string than “Windows.”

The error was that there are no “Windows” user agent strings alone, since browser user agent strings also include the Windows version number, such as “Windows XP” or “Windows 10.” The file that was to be downloaded to users ‘ systems was, according to a analysis by CyberArk, a non-described ransomware strain, which would have encrypted files if users ever ran it.

The attack on Nagich lasted only a few hours on Saturday and the service recovered access to its DNS records and stopped delivery by the end of the day of the malicious code.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.