Independent falls victim to new ransomware attack

The Independent has become the latest victim of so-called ransomware after online criminals infected the blogs section of its website in an effort to extract cash from readers.
The paper, owned by Russian oligarch Alexander Lebedev, has been forced into a major clean-up of its website after the flaw was uncovered by Joseph Chen, a fraud researcher with Trend Micro.
“We have already informed The Independent about this security incident and are working with them to contain the situation,” Chen wrote. “For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base.”
The cyber attackers were able to compromise pages, redirecting viewers to an “exploit kit” that searched their computer for vulnerabilities. Chen said he identified the exploit kit as Angler, a widely used one.
The software then tried to exploit out-of-date Flash players. It specifically targeted a remote execution flaw that Adobe Systems patched in mid-October, although most users have yet to fix the issue.
If the attack successfully compromised a user’s machine, it delivered a type of malware that encrypts a user’s files and demands a payment for the key to decrypt them.
Ransomware attacks are increasingly being used by online criminals against high-ranking sites, such as those run by media outlets. In October, attackers used the Angler Exploit Kit against the Mail Online to gain access to the website via its automated ad platform, which sells ad space to the highest bidder on an almost minute-by-minute basis.
The attack was uncovered by anti-malware software company Malwarebytes and was blocked only after Malwarebytes notified the publisher of the attack.
At the time, Malwarebytes warned: “Malvertising has been one of the main infection vectors and continues to affect large publishers and ad networks through very distinct campaigns, very much like a whack-a-mole game.”
