A number of major news sites and popular websites saw their onsite advertising hit by a malicious ad hijacking campaign last weekend.
If activated, the maliciously appropriated adverts sought to install ransomware on users’ hardware, encrypt their data, and then demand payment via the virtual currency, bitcoin, in order to have their computers unlocked.
Online adverts from trusted and well known sites such as the BBC, MSN, The New York Times, AOL, and even the NFL were targeted last weekend. MSN alone, receives on average, over one billion hits a month, while the New York Times, and the BBC, receives over half a billion hits collectively.
The potential for mass infection by this latest target specific surge of ransomware attacks was, according to Malwarebytes security researchers, high.
“…. out of the blue on the weekend we witnessed a huge spike in malicious activity emanating out of two suspicious domains. Not only were there a lot of events, but they also included some very high profile publishers, which is something we haven’t seen in a while.”
The malware was systematically uploaded to several ad networks, managing to exploit a number of well-known vulnerabilities, but also including some only recently fixed flaws such as one for Microsoft’s Silverlight, which was discontinued in 2013.
The ransomware loaded ads were funneled to the popular websites mainly via four well known but separate ad networks, said the team at Malwarebytes.
Users who fell victim to the infected ads were redirected to servers that hosted the malware, including the infamous Angler exploit kit, which specialises in finding unguarded entrances into computers, before then encrypting the hard drive and demanding payment for the decryption key that would unlock the files.
In recent times, Ransomware has fast become the go-to software for hackers and cyber criminals to install on users’ hardware, rapidly displacing other more traditional types of malware such as Trojans and adware.
Earlier this month, ransomware appeared for the first time on OS X Apple based computers.