In the past few weeks, hundreds of WordPress sites have experienced an onslaught of ransomware attacks. The hackers implement encryption notices and demand a ransom of 0.1 Bitcoin, which equates to roughly $5,500 dollars. The hackers include a countdown timer and tell the website owners that they will delete their entire website, which for a small business can be very costly.
The interesting aspect of this attack though is that it is FAKE.
Researchers have discovered that the websites were in fact not encrypted. Instead, threat actors changed an installed plugin called Directorist to display a ransom note and countdown. Researchers have also noted that hackers used admin credentials to get into these sites, likely as the result of brute-force or stolen credentials purchased through the dark web. However, these attacks appear to be only a part of a much larger campaign, suggesting the latter to be the avenue through which criminals gained access to private information.
So, what can you do? If you’re a WordPress user, review the plugins you use, as WP Reset Pro, OptinMonster, and Hashthemes Demo Importer have all been discovered to have vulnerabilities that hackers could exploit. Additionally, watch for and install software patches and updates to decrease the possibility of your site being attacked. If you’d like to learn more about website development and ransomware protection, you can reach out to us at firstname.lastname@example.org or call us at (703) 709-0400.