Independent Blog Hacked; Millions at Risk from Ransomware

The Independent’s blogging platform has been compromised by malicious attackers to spread Trojan malware to readers’ computers, according to security researchers.

Researchers from security firm Trend Micro have discovered that the Independent, a popular UK publication, has had its blog platform and news page compromised by attackers.

Millions of readers accessing a prominent media news website in the United Kingdom are at risk of being compromised by the TeslaCrypt ransomware, a blog post by Trend Micro researcher Joseph Chen revealed.

Although the Independent has been notified of the incident, as things stand the website remains functional and is still compromised.

Notably, only the blog portion of the website, which runs on WordPress, is currently compromised. The researcher notes:

I stumbled upon this while monitoring the activity of Angler Exploit Kit. Based on my investigation, since at least November 21, the compromised blog redirected users to pages hosting the said exploit kit.

Quite simply, any user who does not have an updated version of Adobe’s Flash Player is vulnerable to the Cryptesla ransomware.

When this occurs, the malware changes the extension of all ‘infected’ or encrypted files to “.vvv,” according to Chen.

The malware fundamentally exploits a security hole within Adobe’s Flash Player to install the payload onto a victim’s computer. When the payload is triggered, the download is initiated and, when it is complete, the ransomware begins to encrypt the locally stored data and documents. Ransomware, as Lifars readers will know, encrypts files before demanding a ransom in exchange for the key to decrypt the files.

Raimund Genes, the chief technical officer at Trend Micro, told the BBC:

We reported it to them (The Independent) on Tuesday – but, as of today, it is still happening. Now we need to go public to warn people who are not using security software.

He notes a particular period of time on Tuesday when the malware seemed to have disappeared. It wasn’t the Independent behind the change, however.

For a while on Tuesday, the malware didn’t trigger. But that was not the Independent solving it, it was the attackers updating the malware with a new version.

Flash has long been notoriously vulnerable to exploits and this is no different. Readers are advised to update their Flash players immediately.