The restaurant’s website was hacked and injected with a pseudo Darkleech script that redirected users to ransomware.
Popular global Chinese restaurant chain Mr Chow’s has been found serving up ransomware to its customers via its website. Security researchers said the restaurant chain, which boasts numerous locations in London as well as across the US, was targeted by cybercriminals who hacked its website to infect customers with ransomware.
According to Malwarebytes, the hackers directly injected the restaurant’s website with the pseudo Darkleech script, which in turn triggered the prolific Neutrino exploit kit, infecting vulnerable systems with ransomware. Security researchers said the hack resulted from the restaurant running outdated CMS software, a common way for cybercriminals to breach such websites. In this case, a “vulnerable installation” of Drupal was observed.
“Ransomware authors have been adding new features to make it more robust or more ‘user-friendly’. Below, we see a CAPTCHA users must enter in order to access their account page with further instructions, and even a ‘Help Desk’ section where you can ask the criminals some questions (or get some feelings off your chest),” Malwarebytes researchers said.
The help desk section read: “In case of any problem with payment or any other questions, please contact us via the contact form.” The section also warned users that language support was only available for English and prompted those with insufficient “language proficiency” to “use Google Translate”.
Additionally, unsuspecting customers visiting the site would be served up a whopping bill of 1.2 bitcoins, nearly $700 (£524). The identity and location of the cybercriminals behind the ransomware attack remain uncertain. IBTimes UK has reached out to Malwarebytes for further details on the incident and will update this article if and when a response is received.
This is not the first time that cybercriminals have targeted high-profile culinary figures. In 2015, British celebrity chef Jamie Oliver’s website was also compromised.