On Saturday, Hackers launched a failed cyber-attack attempting to ransomware infect millions of Israelis. According to current proof, the attack was carried out by hackers operating from Palestine. $ dig +short @1.1.1.1 https://t.co/c2ZLDNM0oY 172.81.182.63 Malicious host is serving a message supporting #OpJerusalem pic.twitter.com/gdHJGwfV7n — Yuval يوڤال Adam (@yuvadm) March 2, 2019 The incident took place on Saturday 2 March, when hackers successfully poisoned Nagich’s DNS records, a web service that provides an accessibility (a11y) widget embedded in thousands of Israel’s web sites for people with reading impairments to gain access. — Irfan Chowdhury (@irfan_c98) March 2, 2019 According to reports by Israeli cyber security experts, hackers automatically embed malicious code on thousands of Israeli websites using Nagich widgets. The code would default the site with a message saying’ #OpJerusalem, Jerusalem is Palestine’ and would then initiate an automatic download for a Windows file named’ flashplayer install.exe,’ which is a file tainted with ransomware. OS = ParseOS() if (OS != “Windows”) // Do only defacement OS can never be Windows exactly. — Idan Cohen (@_IdanCohen) March 3, 2019 But for the hackers, things didn’t go as planned. While the defacement message was displayed on thousands of web pages, including some of Israel’s major news sites, the file was not downloaded at all. Researchers only found the code to trigger the file download during the analysis of defacement messages. They said that a coding error prevented any auto-download operation. The error was that malicious code stop after the defacement and not trigger the ransomware download if your OS version is a new string than “Windows.” — Ido Naor (@IdoNaor1) March 3, 2019 The error was that there are no “Windows” user agent strings alone, since browser user agent strings also include the Windows version number, such as “Windows XP” or “Windows 10.” The file that was to be downloaded to users ‘ systems was, according to a analysis by CyberArk, a non-described ransomware strain, which would have encrypted files if users ever ran it. The attack on Nagich lasted only a few hours on Saturday and the service recovered access to its DNS records and stopped delivery by the end of the day of the malicious code.