The Independent’s Blog Section Hit By Ransomware Attack

The Independent newspaper has confirmed it has suffered a major attack on its online blog section, which has now been compromised to serve out ransomware to unsuspecting readers.

The WordPress-based blog page could be putting millions of readers at risk, according to security firm Trend Micro, although the rest of the paper’s site is thought to be unaffected.

Trend Micro says it has informed the Independent of the hack, which appears to have begun on November 21, meaning readers have been at risk for several weeks.

Under attack

The attack (pictured left) was spotted by Trend Micro security fraud researcher Joseph Chen while monitoring the activity of the notorious Angler Exploit Kit.

Chen discovered a compromised blog page which redirected users to pages hosting the exploit kit. If the user does not have an updated version of Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware onto their system.

This malware then encrypts a user’s files and demands a payment for the key to decrypt them.

The WordPress platform, which offers free web hosting to users, has been a popular target for hackers over the past few years, thanks to its users base of over 15.5 billion pages each month and wide choice of plug-ins for its sites.

In December 2014, more than 100,000 WordPress sites were infected with the SoakSoak malware by way of an unpatched vulnerable plug-in.

This came days after the FBI  warned that political extremists were also targeting WordPress sites.

Back in April, Finnish researchers also uncovered a dangerous XSS bug which could allow malicious code to be injected into website comments, days after dozens of WordPress plugins were updated in order to patch a widespread XSS vulnerability that resulted from programmers’ incorrect use of two commonly used programming functions that modify or add query strings to web addresses.

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Mozilla Drops ‘Do Not Track’ For Upcoming Firefox Browser

The forthcoming Firefox 13.5 will not include a 'do not track' option, as the opt-out…

3 hours ago

UN Body To Protect Subsea Cables Holds First Meeting

United Nations body to protect undersea communications cables that are crucial for international trade and…

20 hours ago

Meta Donates $1 Million To Donald Trump Inauguration Fund

Weeks after CEO Mark Zuckerberg met with Donald Trump privately at Mar-a-Lago, comes news of…

21 hours ago

US To Raise Tariffs On Chinese Solar Wafers, Polysilicon, Tungsten

Protecting American clean energy businesses. Biden administration plans to raise tariffs on certain Chinese products

22 hours ago

Australia To ‘Charge’ Tech Firms For News Content, After Meta Ends Licensing Deal

News fee. Australia looks introduce mandatory charge on social media platforms and search engines to…

23 hours ago