A spokesman at Go Daddy, the popular domain registrar and Web host company, believes that some of its users may have been phished – and that’s to blame for the barrage of ransomware some customers have been seeing in past week or so.
Last week it was reported that attackers had placed malicious DNS records on some of the company’s domain names to redirect users to sites hosting the Cool Exploit Kit, a recently developed kit known for dropping the Reveton ransomware.
Reveton, a particular type of ransomware that demands users pay a fine to unlock their computer, made its way around the internet late this summer and even forced the FBI to alert the public of the malware.
Scott Gerlach, Go Daddy’s Director of Information Security Operations, told reporters yesterday that only a “small number of accounts” have been affected by the malicious DNS entries and that the company is reversing them as they’re indentified. Gerlach added that Go Daddy is expiring the passwords of those affected to prevent the further spread of malware. In the statement, Gerlach suggests that any problems users are experiencing with ransomware aren’t coming from Go Daddy’s end of the wire.
“We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems,” Gerlach wrote.
As an addendum, Gerlach recommends US and Canadian users of Go Daddy’s service implement two-factor authentication to add an additional layer of security to their accounts.
In September, millions of sites hosted by Go Daddy were knocked offline in what was thought to have been a massive distributed denial of service (DDoS) attack. The company’s CEO shot back, claiming internal issues that ultimately “corrupted router data tables” lead to the outtage and that customer data was never at risk of being hacked.