Malicious Ads Distribute SocGholish Ransomware
On December 15, 2024, cybersecurity experts uncovered a malicious campaign that used fraudulent Google Search ads to deliver SocGholish ransomware to Kaiser Permanente employees.
On December 15, 2024, cybersecurity experts detected a malicious campaign distributing SocGholish Ransomware, targeting employees of Kaiser Permanente, a healthcare company, through Google Search Ads. The fraudulent advertisements masqueraded as the company's HR portal, used for checking benefits, downloading paystubs, and other corporate-related tasks.

In this video, Spence Hutchinson, Staff Threat Intelligence Researcher, discusses how the eSentire Threat Response Unit (TRU) detected and shut down SocGholish cyberattacks.
What is SocGholish Ransomware?
SocGholish is a JavaScript-based malware family that uses fake software or browser updates to lure victims into downloading the malicious payload. Once a victim downloads and runs the infected file, SocGholish rapidly deploys various types of ransomware, giving threat actors a foothold in the organization. eSentire's Threat Response Unit (TRU) recently identified rapid growth in SocGholish attacks; some of the observed incidents progressed to a hands-on intrusion in less than 10 minutes.
SocGholish Ransomware Attack Method
The attackers exploited an outdated website previously owned by Bellona Software, a company based in Romania. When employees clicked on the malicious ad, they were not taken to the HR portal but redirected to this compromised website, which prompted them to update their browser. This notification was part of the SocGholish malware campaign, which tricks users into running a script that infects their machines. When users executed the downloaded script, it collected information from their computers and potentially gave the criminals access to those systems.
SocGholish Ransomware Attack Response
The malicious ad was reported to Google, and the campaign was halted. Cybersecurity experts continue to monitor for similar threats and advise users to be cautious when clicking on ads or downloading updates from unknown sources.

This video gives a detailed analysis of how SocGholish delivers AsyncRAT and how BOINC is being hijacked for malicious purposes.
SocGholish Ransomware Impact
The malicious script collected information from the victims' computers and potentially gave criminals access to their systems. The attackers' intent was to phish login credentials, but the compromised website derailed their plan. The SocGholish ransomware attack has had significant impacts on various organizations and individuals. Here are some key points:
Initial Infection: SocGholish malware typically spreads through compromised websites that prompt users to download fake browser updates. Once executed, it deploys additional malware, including Remote Access Trojans (RATs) and infostealers.
Data Exfiltration: The malware collects sensitive information from infected systems, such as domain trusts, usernames, and computer names. This data is then exfiltrated to attacker-controlled servers.
Ransomware Attack: SocGholish can serve as an entry point for more severe attacks, including ransomware. Attackers may use the access gained through SocGholish to distribute ransomware across a corporate network, encrypting data and demanding a ransom for its release.
Association with Major Cyberattacks: SocGholish has been linked to significant cyberattacks, including the SolarWinds supply chain breach and attacks by the ransomware group Evil Corp.
Persistent Threat: SocGholish has been active since at least 2017 and continues to evolve, making it a persistent threat to enterprises.
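The first two stages above (a downloaded "browser update" script run by the Windows script host, then collection of domain trusts, usernames and computer names) leave a recognisable pattern in process-creation telemetry. The following detection logic is an added example, not code from the original post or from any vendor named on it; the log lines are constructed in a simplified Sysmon-like pipe-delimited format, and the recon command names (whoami, nltest, hostname, net) are assumed as typical ways that data is collected, since the post names the data but not the commands.

```python
import re
from collections import defaultdict

# Constructed process-creation events (simplified Sysmon Event ID 1 layout):
# time|host|parent_image|image|command_line
SAMPLE_LOG = """\
10:00:01|WS01|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\wscript.exe|wscript.exe C:\\Users\\jdoe\\Downloads\\Chrome.Update.js
10:00:03|WS01|C:\\Windows\\System32\\wscript.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c whoami /all
10:00:04|WS01|C:\\Windows\\System32\\wscript.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c nltest /domain_trusts
10:00:05|WS01|C:\\Windows\\System32\\wscript.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c hostname
10:05:00|WS02|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c hostname
10:06:00|WS03|C:\\Program Files\\Vendor\\deploy.exe|C:\\Windows\\System32\\cscript.exe|cscript.exe C:\\ProgramData\\Vendor\\inventory.js
"""

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Fake-update scripts land in user-writable download/temp locations.
USER_DIRS = re.compile(r"\\(Downloads|Temp)\\", re.IGNORECASE)
# Assumed recon commands that yield usernames, domain trusts and computer names.
RECON = re.compile(r"\b(whoami|nltest|hostname|net\s+(?:user|group|view))\b", re.IGNORECASE)


def parse(line):
    """Split one pipe-delimited event into its fields (paths lower-cased)."""
    t, host, parent, image, cmd = line.split("|", 4)
    return {"time": t, "host": host, "parent": parent.lower(), "image": image.lower(), "cmd": cmd}


def detect(log_text, min_recon=2):
    """Return hosts where a script host ran a .js from Downloads/Temp and then
    spawned at least `min_recon` distinct recon commands (stage 1 + stage 2)."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    suspicious_launch = set()
    recon_by_host = defaultdict(set)
    for e in events:
        image_name = e["image"].rsplit("\\", 1)[-1]
        parent_name = e["parent"].rsplit("\\", 1)[-1]
        # Stage 1: wscript/cscript executing a .js out of a user-writable directory.
        if image_name in SCRIPT_HOSTS and e["cmd"].lower().endswith(".js") and USER_DIRS.search(e["cmd"]):
            suspicious_launch.add(e["host"])
        # Stage 2: recon children of the script host on an already-flagged host.
        if parent_name in SCRIPT_HOSTS and e["host"] in suspicious_launch:
            m = RECON.search(e["cmd"])
            if m:
                recon_by_host[e["host"]].add(m.group(1).split()[0].lower())
    return sorted(h for h, cmds in recon_by_host.items() if len(cmds) >= min_recon)


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))  # WS01 is flagged; WS02/WS03 are benign admin activity
```

Requiring both stages on the same host keeps a lone `hostname` from an administrator, or a signed deployment tool running its own script from ProgramData, from raising an alert.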
Protect Your Devices with Malwarebytes
Prevention is better than cure. One of the best ways to prevent online fraud is to install an industry-standard anti-malware product such as Malwarebytes on your Windows, Mac, Android and iOS devices for real-time protection from malware, viruses, Trojan horses, spyware, ransomware and more. Don't fall victim to cyber attacks and online financial fraud.