Website For French Cinema Chain Gets Hacked, Serves CryptXXX Ransomware

Pathé, a major French film production and distribution company, is serving ransomware via one of its websites, pathe[.]fr. The film company has a rich history that predates Universal Studios and Paramount Pictures, and is famous for inventing the newsreel in 1908.

We detected that the server hosting pathe[.]fr was compromised, with malicious code embedded in its pages that automatically redirects unsuspecting visitors to the Angler exploit kit.

Angler serves its own ransomware, dubbed CryptXXX, which recently received an update to defeat an existing decryption tool that could once restore files to their original, unencrypted state. In addition, the ransomware now prevents the user from using their computer at all by locking the desktop with a fullscreen ransom note.

Traffic flow (Fiddler capture of the redirect from pathe[.]fr to the Angler exploit kit):

[Figure: traffic flow]

Malwarebytes Anti-Exploit stops this attack:

[Figure: Malwarebytes Anti-Exploit block]

We have alerted the film company, but we recommend that people avoid visiting the site for the time being and make sure they run exploit mitigation software to defend against drive-by download attacks.