BBC, AOL and NFL: Major sites including New York Times and BBC hit by 'ransomware' malvertising

Major News Websites Hit by Ransomware-Laced Malvertising Campaign

A widespread malvertising campaign targeted millions of users in the U.S. over the weekend, hijacking ads on high-traffic websites including the New York Times, BBC, AOL, and the NFL to deliver ransomware. Security researchers at Malwarebytes identified the attack, which exploited vulnerabilities in outdated software, including a recently patched flaw in Microsoft’s discontinued Silverlight plugin.

The malicious ads redirected users to servers hosting the Angler exploit kit, a tool commonly used by cybercriminals to probe for weaknesses in a victim’s system. Once inside, the malware deployed cryptolocker-style ransomware, encrypting hard drives and demanding Bitcoin payments for decryption keys. While typical "drive-by" ransomware attacks demand a few hundred dollars, targeted incidents such as the $17,000 ransom paid by an L.A. hospital in February highlight the growing financial threat of such schemes.

This attack underscores the risks of malvertising, where compromised ad networks serve as a delivery mechanism for malware. The incident also reignites debates over ad blockers, which some users employ to mitigate such threats, despite criticism from publishers reliant on ad revenue. Ransomware continues to rise as a preferred tool for cybercriminals, with even Mac OS X users recently falling victim via an infected BitTorrent client.

Source: https://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising

BBC News cybersecurity rating report: https://www.rankiteo.com/company/bbc-news

National Football League (NFL) cybersecurity rating report: https://www.rankiteo.com/company/national-football-league

AOL cybersecurity rating report: https://www.rankiteo.com/company/aol

"id": "BBCNATAOL1781269433",
"linkid": "bbc-news, national-football-league, aol",
"type": "Ransomware",
"date": "3/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Millions of users',
                        'industry': 'Media',
                        'location': 'U.S.',
                        'name': 'New York Times',
                        'type': 'News Website'},
                       {'customers_affected': 'Millions of users',
                        'industry': 'Media',
                        'location': 'U.S.',
                        'name': 'BBC',
                        'type': 'News Website'},
                       {'customers_affected': 'Millions of users',
                        'industry': 'Media/Technology',
                        'location': 'U.S.',
                        'name': 'AOL',
                        'type': 'News Website'},
                       {'customers_affected': 'Millions of users',
                        'industry': 'Sports/Media',
                        'location': 'U.S.',
                        'name': 'NFL',
                        'type': 'Sports Website'}],
 'attack_vector': 'Malvertising',
 'data_breach': {'data_encryption': 'Hard drives encrypted by ransomware'},
 'description': 'A widespread malvertising campaign targeted millions of users '
                'in the U.S. over the weekend, hijacking ads on high-traffic '
                'websites including the New York Times, BBC, AOL, and the NFL '
                'to deliver ransomware. The attack exploited vulnerabilities '
                'in outdated software, including a recently patched flaw in '
                'Microsoft’s discontinued Silverlight plugin. The malicious '
                'ads redirected users to servers hosting the Angler exploit '
                'kit, which deployed cryptolocker-style ransomware, encrypting '
                'hard drives and demanding Bitcoin payments for decryption '
                'keys.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'affected websites',
            'systems_affected': 'User systems with outdated software'},
 'initial_access_broker': {'entry_point': 'Malvertising via compromised ad '
                                          'networks'},
 'lessons_learned': 'The incident underscores the risks of malvertising and '
                    'the importance of keeping software updated to mitigate '
                    'vulnerabilities. It also highlights the growing threat of '
                    'ransomware and the debate over ad blockers as a '
                    'protective measure.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Exploitation of outdated software '
                                           'vulnerabilities (e.g., Microsoft '
                                           'Silverlight) via malvertising and '
                                           'the Angler exploit kit.'},
 'ransomware': {'data_encryption': 'Yes',
                'ransom_demanded': 'Bitcoin payments (amount not specified, '
                                   'but up to $17,000 in similar cases)',
                'ransomware_strain': 'Cryptolocker-style ransomware'},
 'recommendations': ['Keep software and plugins updated to patch known '
                     'vulnerabilities.',
                     'Consider using ad blockers to mitigate malvertising '
                     'risks.',
                     'Enhance monitoring and detection capabilities for '
                     'exploit kits like Angler.',
                     'Educate users on the risks of ransomware and safe '
                     'browsing practices.'],
 'references': [{'source': 'Malwarebytes'}],
 'response': {'third_party_assistance': 'Malwarebytes (security researchers)'},
 'title': 'Major News Websites Hit by Ransomware-Laced Malvertising Campaign',
 'type': 'Ransomware',
 'vulnerability_exploited': ['Outdated software',
                             'Microsoft Silverlight plugin flaw']}