Instead of news, UK paper delivered ransomware

08.12.2015
A major UK newspaper is cleaning up its website after a criminals tried to deliver ransomware to thousands of its readers.

The attack affected the blogs section of The Independent newspaper's website, Joseph C. Chen, a fraud researcher with Trend Micro, said in a blog post Tuesday.

"We have already informed The Independent about this security incident and are working with them to contain the situation," Chen wrote. "For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base."

The Independent's blogs section runs on WordPress, a publishing platform that occasionally has software vulnerabilities in itself or in add-on components.

The cyberattackers were able to compromise pages, redirecting viewers to an exploit kit that probed their computer for vulnerabilities. Chen said he identified the exploit kit as Angler, a widely used one.

Angler then tried to exploit out-of-date Flash players. It specifically targeted a remote execution flaw patched by Adobe Systems in mid-October, CVE-2015-7645. An exploit for the flaw was the latest Trend has found added to Angler.

If the attack successfully compromised a user's machine, it delivered the Cryptesla 2.2.0 ransomware, a type of malware that encrypts a user's files and demands a payment for the key to decrypt them.

Websites that draw a lot of traffic are attractive to criminals since they allow them to infect a lot of computers in a short time. The Independent ranks 50th among websites in the U.K., according to Alexa.

Jeremy Kirk

Zur Startseite