WordPress Sites Are Being Hacked In Fake Ransomware Attacks


A new wave of attacks beginning late last week has hacked close to 300 WordPress sites to display fake encryption notices, attempting to trick the site owners into paying 0.1 bitcoin for restoration.

These ransom demands come with a countdown timer to induce a sense of urgency and possibly panic a web admin into paying the ransom.

While the 0.1 bitcoin (~$6,069.23) ransom demand is not particularly significant compared to what we see in high-profile ransomware attacks, it could still be a considerable amount for many website owners.


Bogus site encryption message
Source: Sucuri

Smoke and mirrors

These attacks were discovered by cybersecurity firm Sucuri, which was hired by one of the victims to perform incident response.

The researchers discovered that the websites had not been encrypted, but rather the threat actors modified an installed WordPress plugin to display a ransom note and countdown when 

WordPress plugin used to display ransom notes and countdown
Source: Sucuri


In addition to displaying a ransom note, the plugin would modify all of the WordPress blog posts and set their ‘post_status’ to ‘null,’ causing them to go into an unpublished state.

As such, the actors created a simple yet powerful illusion that made it look as if the site had been encrypted.

By removing the plugin and running a command to republish the posts and pages, the site returned to its normal status.

Upon further analysis of the network traffic logs, Sucuri found that the first point where the actor’s IP address appeared was the wp-admin panel.


This means that the infiltrators logged in as admins on the site, either by brute-forcing the password or by sourcing stolen credentials from dark web markets.

This was not an isolated attack but instead appears to be part of a broader campaign, giving more weight to the second scenario.
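The log finding described above can be turned into a triage check. The following is an added example, not code from Sucuri or the original article: it assumes access logs in the Apache/Nginx combined format and treats a 200 response on a wp-admin page as a sign of an authenticated session (a heuristic). The sample lines and IP addresses are constructed.

```python
import re
from datetime import datetime

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:01:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
203.0.113.50 - - [01/Jan/2024:11:15:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.50 - - [01/Jan/2024:11:15:05 +0000] "GET /wp-admin/plugins.php?plugin_status=all HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Jan/2024:12:00:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Jan/2024:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
ADMIN_RE = re.compile(r'^/(wp-login\.php|wp-admin(/|$))')
# wp-admin endpoints that answer without a login, so a 200 there proves nothing.
UNAUTH_OK = ("admin-ajax.php", "admin-post.php", "load-styles.php", "load-scripts.php")

def parse(log_text):
    """Yield (timestamp, ip, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["path"].split("?")[0], int(m["status"])

def is_authed_page(path, status):
    """Heuristic: 200 on the dashboard or a wp-admin PHP page implies a session."""
    page = path == "/wp-admin/" or (path.startswith("/wp-admin/")
                                    and path.endswith(".php"))
    return status == 200 and page and not path.endswith(UNAUTH_OK)

def admin_first_ips(log_text):
    """Return {ip: first authenticated admin path} for IPs whose very first
    request targeted the login/admin area and that later reached an admin page."""
    first_path, authed = {}, {}
    for ts, ip, path, status in sorted(parse(log_text)):
        first_path.setdefault(ip, path)
        if is_authed_page(path, status):
            authed.setdefault(ip, path)
    return {ip: p for ip, p in authed.items() if ADMIN_RE.match(first_path[ip])}
```

The result is a list of candidates to compare against the addresses your administrators are known to use, since a legitimate admin may also open wp-admin directly.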

As for the plugin seen by Sucuri, it was Directorist, which is a tool to build online business directory listings on sites.

Sucuri has tracked roughly 291 websites affected by this attack, with a Google search showing a mix of cleaned-up sites and those still showing ransom notes.

All of the sites seen by BleepingComputer in search results use the same 3BkiGYFh6QtjtNCPNNjGwszoqqCka2SDEc Bitcoin address, which has not received any ransom payments.

Protecting against site encryptions

Sucuri suggests the following security practices to protect WordPress sites from being hacked:

  • Review admin users on the site, remove any bogus accounts, and update/change all wp-admin passwords.
  • Secure your wp-admin administrator page.
  • Change other access point passwords (database, FTP, cPanel, etc).
  • Place your website behind a firewall.
  • Follow reliable backup practices that will make restoration easy in the case of a real encryption incident.

As WordPress is commonly targeted by threat actors, it is also important to make sure all of your installed plugins are running the latest version.
