Adobe Issues Emergency Update to Flash After Ransomware Attacks The software maker urged the more than 1 billion users of Flash on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible.

By Reuters

This story originally appeared on Reuters

Reuters | Leonhard Foeger

Adobe Systems Inc. issued an emergency update on Thursday to its widely used Flash software for Internet browsers after researchers discovered a security flaw that was being exploited to deliver ransomware to Windows PCs.

The software maker urged the more than 1 billion users of Flash on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible after security researchers said the bug was being exploited in "drive-by" attacks that infect computers with ransomware when tainted websites are visited.

Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.

Japanese security software maker Trend Micro Inc. said that it had warned Adobe that it had seen attackers exploiting the flaw to infect computers with a type of ransomware known as 'Cerber' as early as March 31.

Cerber "has a 'voice' tactic that reads aloud the ransom note to create a sense of urgency and stir users to pay," Trend Micro said on its blog.

Adobe's new patch fixes a previously unknown security flaw. Such bugs, known as "zero days," are highly prized because they are harder to defend against since software makers and security firms have not had time to figure out ways to block them. They are typically used by nation states for espionage and sabotage, not by cyber criminals who tend to use widely known bugs for their attacks.

Use of a "zero day" to distribute ransomware highlights the severity of a growing ransomware epidemic, which has disrupted operations at a wide range of organizations across the United States and Europe, including hospitals, police stations and school districts.

Ransomware schemes have boomed in recent months, with increasingly sophisticated techniques and tools used in such operations.

"The deployment of a zero day highlights potential advancement by cyber criminals," said Kyrk Storer, a spokesman for FireEye Inc. "We have observed ransomware and crimeware deployed via 'zero-day' before; however, it is rare."

FireEye said that the bug was being leveraged to deliver ransomware in what is known as the Magnitude Exploit Kit. This is an automated tool sold on underground forums that hackers use to infect PCs with viruses through tainted websites.

Exploit kits are used for "drive-by" attacks that automatically seek to attack the computers of people who view an infected website.

(Reporting by Jim Finkle; Editing by Bernadette Baum and Kenneth Maxwell)

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

This 34-Year-Old Was 'Wildly Un-Passionate' About His Day Job, So He Started a 9-Figure Side Hustle: 'Be an Animal'

Will Nitze asked his boss if he could work half his hours for half the pay in order to build his own business.

Business News

Here's How Much a Typical Google Employee Makes in a Year

Compensation for the median Google employee was up 5% in 2024 compared to 2023, according to a new U.S. Securities and Exchange Commission filing.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Business News

'Gradually Stop Using Contractors': Duolingo Is Replacing Contract Workers With AI

Duolingo is taking an "AI-first" approach, meaning it will assign AI tasks previously completed by human workers.

Business News

UPS Is Laying Off 20,000 Employees and Closing Over 70 Locations: 'Reduce Cost'

UPS announced the move as part of its first-quarter earnings report on Tuesday.

Buying / Investing in Business

This Team Is Making Sports History by Giving Fans Ownership

The city of Oakland is reviving its sports legacy, and you can be a part of it.