Daily Management Review

New York Time and BBC Hit by ‘Ransomware’ Malvertisng as Hackers Target Major News Sites


New York Time and BBC Hit by ‘Ransomware’ Malvertisng as Hackers Target Major News Sites
According to a security warning by researchers Malwarebytes, a number of major news websites have seen adverts hijacked by a malicious campaign that attempts to install “ransomware” on users’ computers.
Over the weekend websites including the New York Times, the BBC, AOL and the NFL were hit by the hackers in an attack that was primarily targeted at US users of the websites. Put all together the targeted sites have traffic in the billions of visitors.
A number of vulnerabilities, including a recently-patched flaw in Microsoft’s former Flash competitor Silverlight, which was discontinued in 2013, were used in the attack as the malware was delivered through multiple ad networks in the websites.
The users were diverted to servers hosting the malware, which includes the widely-used, among cybercriminals, Angler exploit kit after the users’ computers were infected with the adverts which immediately redirected the page to the malware servers.  
Once the users’ computer is redirected to a server hosting the malware, the kit then attempts to find any back door it can into the target’s computer. Once inside the users’ computer, the malware installs itself in a cryptolocker- style software which encrypts the user’s hard drive and demands payment in bitcoin for the keys to unlock it.
Beating out lesser threats such as adware or Trojans, such software as the Angler exploit kit is fast becoming the most popular kind of malware for criminals to install on compromised computers. These malicious software are known as ransomware as they hold the user to ransom for removing the virus or letting the computer function.
As a part of an infected installation of BitTorrent client Transmission, the first Mac OS X ransomware has appeared earlier this month.
A particular and precisely targeted ransomware attacks have demanded huge amounts in payment even as the “drive-by” installations tend to only demand one or two bitcoins as a ransom, worth a few hundred pounds or dollars. In February, $17,000 was paid to such an attacker by an LA hospital which only revealed the incident lately.
The debate around adblockers would be inflamed by the vector of attack which were the compromised ad networks. Users counter that they protect their devices from attacks of this sort, as well as making the web surfing experience faster, more pleasant, and less draining on mobile devices’ batteries while the companies have attacked the browser plugins as a “modern-day protection racket” and criticized for harming the business model of free online publications.