Researchers with Symantec’s Threat Intelligence team who discovered these attacks confirmed – “dozens of U.S. newspaper websites owned by the same parent company have been compromised by SocGholish injected code”.
Symantec explains, some of the organizations targeted by WastedLocker could have been compromised when an employee browsed the news on one of its websites”.
The attacks looked like a series of targeted, drive by attacks. The group used employee’s computers as a steeping point into their company’s enterprise networks.
Victims Network could be badly compromised as WastedLocker is a dangerous ransomware, capable of major disruption to operations.
The company who owns the compromised news sites was alerted and the malicious code was removed.