Malwarebytes researchers spotted what they called the “perfect storm” of ransomware, malvertising, phishing attacks, and other malware following the breach of a popular forum dedicated to “Celebgate” leaked nude photos.
On, April 12, haveibeenpwned tweeted that the forum was compromised and exposed 179,000 accounts, 30 percent of which had already been compromised in previous breaches.
Following the attack, researchers spotted on the forum's mobile site several compromised accounts, dubiously worded advertisements, malvertising, rogue mobile programs, and redirects to website based versions of ransomware that “lock” victims onto sites, according to an April 14 blog post.
Among the malicious ads researchers spotted was a pornographic popup that attempted to load SLocker ransomware, a message posing as a United Nations warning, and other messages attempting to extort users.
Vann Abernethy, field chief technology officer at NSFOCUS International Business, said users shouldn't rush to pay ransoms if they get infected with ransomware.
“If you are hit, there are tools that can help you remove the malware, and there are also tools that can help recover the files – if you pay the ransom, you are putting yourself at even more risk down the road,” Abernethy told SCMagazine.com via emailed comments.
Researchers also spotted a Google themed malvertisment that told users “You have a Virsus” along with letting the victim know the virus would corrupt sim cards, data, photos and contacts if no action is taken, and for fun included a countdown timer to make the victim extra nervous.
“Whether asking for money, Bitcoins, gift cards or something else entirely, the initial trauma of receiving these phony blackmail demands can be extremely severe,” Malwarebytes researcher Christopher Boyd said in the blog.
Boyd said that while the leak likely won't be as extreme as the Ashley Madison incident, it is a headache for those involved.
Troy Hunt, the creator of haveibeenpwned, mocked those affected in the breach in a tweet that read “Pro tip too - if you're gonna sign up to a forum like that, perhaps not use your .gov email address...”