
The Independent's blog site is serving ransomware

If you're a regular visitor to The Independent, you might want to skip it for a few days. Researchers from the security firm Trend Micro have reported that the site's blog was hacked and is currently serving ransomware to its visitors.

At the time of writing, the blog was still compromised.

According to Trend Micro, The Independent, one of the bigger media sites in the UK, is serving TeslaCrypt, a ransomware trojan known for targeting computer games, most notably Call of Duty, World of Warcraft, Minecraft and World of Tanks, and encrypting their game files. The victim is then prompted to pay a ransom of $500 worth of bitcoins in order to obtain the key to decrypt the files.

It is important to note that not the entire site is infected, just the blog section, which is built on WordPress, the world's most popular blogging platform.

“I stumbled upon this while monitoring the activity of Angler Exploit Kit,” the Trend Micro report reads. “Based on my investigation, since at least November 21, the compromised blog page redirected users to pages hosting the said exploit kit. If a user does not have an updated Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware (detected by Trend Micro as RANSOM_CRYPTESLA.YYSIX).”

The malware then changes the extension of encrypted files to “.vvv”.

This is not the first time The Independent’s blog site has been a target. Last month it was reported that the blog was serving Trojans that would allow hackers to take full control of a targeted system.