Misfortune cookie: Mr. Chow restaurants website hacked to distribute ransomware
Hackers exploited a vulnerability in Mr. Chow's Drupal content management system in order to compromise the Chinese restaurant operator's website, Malwarebytes has reported.
If you thought too much MSG was the most dangerous thing about ordering Chinese food, consider this: the website for the upscale Mr. Chow restaurants has reportedly been compromised to deliver ransomware to visitors.
According to a blog post by Malwarebytes, hackers injected pseudo-Darkleech malware directly into the website's page, triggering a secondary ransomware infection via the Neutrino Exploit Kit. The ransomware payload is reportedly of the CrypMIC variety and as of Aug. 29 was demanding a ransom of 1.2 bitcoins or about $695. Malwarebytes also reported that the website was compromised by exploiting outdated Drupal web content management system software.
However, in an email sent to SCMagazine.com, a Mr. Chow spokesperson disputed Malwarebytes' account and insisted that the restaurant operator's technology team has found no trace of malware.
The strain of CrypMIC that Malwarebytes said it observed in this case features a “help desk” section and a CAPTCHA field in which victims must enter a code to access an account page with further instructions. Although Malwarebytes informed Mr. Chow management of the hack, the website continues to deliver ransomware as of this posting, Malwarebytes has told SCMagazine.com.
UPDATE 9/1, 8 p.m.: The story has been updated to include Mr. Chow's denial of Malwarebytes' claims.