Domain name registrar and website hosting provider Go Daddy is responding to a DNS attack targeting a "small number" of its hosted websites that one security firm said is enabling cyber criminals to spread ransomware.
The DNS (Domain Name System) is what transfers host-names into IP addresses, meaning computers can talk to each other and users can access them online.
Godaddy said, "We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems." The Cool Exploit Kit targets a variety of vulnerabilities, including Java errors, and has been seen spreading via drive-by attack websites.
The ransomware served depends on the country of origin. In the UK, it is malware posing as a legitimate message from the Met’s Police e-Crime Unit (PCeU). It locks the computer, on the grounds that the computer was guilty of “ unauthorized cyber activity”, asking for payment to unlock it.
Attackers use vulnerabilities in the platforms and inject malicious code to set up drive-by attack websites. Users should avoid clicking on links sent to them via email or other means, even if the links appear to be legitimate at first glance. For instance, users should ensure their passwords are strong and unique to each website, and two-factor authentication should be readily available.