Just when you thought it was safe to go back into the water….
For those of you who run offices with computers, you may be aware of a virus in the wild called Cryptolocker. Cryptolocker is a virus which encrypts your files and then requires you to pay a ransom to get your files back. In fact, it recently happened with this hospital. Now, that virus is attacking WordPress based websites. Instead of being unable to get your files, the website files become encrypted and the system replaces the index.php or index.html files with a version that demands payment. The author will then prove to you that your files are still attainable by giving you two of them back for free, but keeps every other document encrypted.
The ransom note displayed on your encrypted website, shown above, provides a link to a news story where an FBI spokesman advised victims to pay the ransom. The article is true, but the advice is not.
Reports from The Register show that hundreds of sites have most likely been attacked. Many of these sites are running out-of-date versions of WordPress, poorly configured or have plugins with security holes. Website owners should back up their websites regularly and make sure everything is up-to-date, patched and protected. Owners should also strengthen the authentication measures in the backend of their sites.
If you think you’ve been attacked by this ransomware or want to make sure your site is protected, give our specialists a call at (703)-790-0400 or send us an email at firstname.lastname@example.org.