CyberCrimeSecuritySecurity Management

The Independent’s Blog Section Hit By Ransomware Attack

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Google + Linkedin Subscribe to our newsletter Write a comment

Millions of Independent readers at risk of being infected with ransomware

The Independent newspaper has confirmed it has suffered a major attack on its online blog section, which has now been compromised to serve out ransomware to unsuspecting readers.

The WordPress-based blog page could be putting millions of readers at risk, according to security firm Trend Micro, although the rest of the paper’s site is thought to be unaffected.

Trend Micro says it has informed the Independent of the hack, which appears to have begun on November 21, meaning readers have been at risk for several weeks.

Under attack

trend micro independentThe attack (pictured left) was spotted by Trend Micro security fraud researcher Joseph Chen while monitoring the activity of the notorious Angler Exploit Kit.

Chen discovered a compromised blog page which redirected users to pages hosting the exploit kit. If the user does not have an updated version of Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware onto their system.

This malware then encrypts a user’s files and demands a payment for the key to decrypt them.

The WordPress platform, which offers free web hosting to users, has been a popular target for hackers over the past few years, thanks to its users base of over 15.5 billion pages each month and wide choice of plug-ins for its sites.

In December 2014, more than 100,000 WordPress sites were infected with the SoakSoak malware by way of an unpatched vulnerable plug-in.

This came days after the FBI  warned that political extremists were also targeting WordPress sites.

Back in April, Finnish researchers also uncovered a dangerous XSS bug which could allow malicious code to be injected into website comments, days after dozens of WordPress plugins were updated in order to patch a widespread XSS vulnerability that resulted from programmers’ incorrect use of two commonly used programming functions that modify or add query strings to web addresses.

Are you a security pro? Try our quiz!