Fake Ransomware Attacks Targeted WordPress Sites

Up to 300 WordPress websites have been targeted by a number of fake ransomware attacks starting Friday last week. It was noticed that they have been displaying false encryption notices with the goal to determine website owners to pay a ransom of 0.1 bitcoin for recovery. A countdown timer was also introduced in this process for urgency sense purposes.

WordPress Sites, the Targets of Fake Ransomware Attacks: Details

Experts from Sucuri discovered this wave of attacks and they wrote a report about this on the 15th of November. One of the attack victims contacted them to ask for support on incident response.

According to the researchers’ report, the website encryption was actually just an illusion to make victims fall into the trap. Here are some details from the report:

The hackers targeted an installed WordPress plugin and altered it in order to make it show a ransom note, as well as a countdown.

Image Source

The plugin would also change the posts’ status by modifying them and setting their ‘post_status’ to ‘null, this action would determine to show their state as unpublished. Directorist was the plugin noticed by the experts, Directorist being basically a tool used

Read More: https://heimdalsecurity.com/blog/fake-ransomware-attacks-target-wordpress-sites/