Pirate Bay users have been hit by a malvertising attack that infects them with a crypto-ransomware. The cyberattack comes at the heels of the return of the new Game of Thrones (GoT) season, affecting a whole slew of GoT pirates.

According to TorrentFreak, following the premiere of GoT season 6, the new episode got more than a million downloads in less than 24 hours. The increase in traffic probably incited the malvertisers to launch a ransomware attack, ensuring that they had their pick of vulnerable victims.

According to Malwarebytes security researcher Jerome Segura, the malvertising attack employs the Magnitude exploit kit and infects systems with a new ransomware subscription service called Cerber. "Popular torrent site The Pirate Bay was serving ransomware via a malvertising attack this week-end. The ad network changes but the modus operandi remains the same," said Segura.

The authors of the malvertising campaign were evidently making use of "pop-under" ads to redirect Pirate Bay users to the Magnitude exploit kit. Magnitude is widely considered to be an effective and popular cybercrime-ware, which allows hackers access to users systems via zero-day browser exploits.

What makes this ransomware highly dangerous is that users can be infected without even having to click on anything. The malvertising campaign stealthily identifies and attacks vulnerable browsers, targeting all users not running script blockers with the Pirate Bay ads.

NSFOCUS IB chief security researcher Stephan Gates said the malvertisers might be capitalising on vulnerabilities within the Adobe Flash Player and Microsoft Silverlight. Gates told the Register: "In the past, the Pirate Bay has been notorious for hosting malvertising campaigns on their website. If computers are not running the latest patches for these CVEs, the likelihood of infection runs pretty high, no matter where you're surfing."

There has been a noticeable rise in malvertising and ransomware attacks in the recent past, especially given how effective it is. Ransomware attacks gain access to victims' data and go on to encrypt it, thereby making it enduringly inaccessible to the victims unless they pay up a certain amount as ransom.