1 min read

Fake Ransomware Campaign Targets WordPress Site Owners with Scary Ransom Note

Filip TRUȚĂ

November 17, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Fake Ransomware Campaign Targets WordPress Site Owners with Scary Ransom Note

Researchers have stumbled upon a new ransomware campaign that only uses scare tactics – not actual file encryption – to trick WordPress customers into believing their website has been hacked.

Since at least Nov. 12, web security researchers have identified almost 300 WordPress sites targeted by the bogus ransomware infection. Using compromised credentials, obtained either by brute-force or the black market, the attackers hacked their way into the target sites as administrators and edited key WordPress files to block site functionality and display a scary ransom note (pictured above).

While the extortion sum is certainly low compared to typical ransoms these days, it can still earn criminals a pretty penny should several site owners fall for the trick. At the time of writing this piece, 0.1 Bitcoin amounts to around $6,000. No small amount for small site owners, either.

The attackers reportedly accessed and edited HTML parts of an otherwise legitimate Wordpress plugin to make it appear as if the site had been encrypted and all content rendered inaccessible. Then they used somePHP wizardry to feed a countdown timer into the ransom note, creating a sense of urgency typical of ransomware attacks.

Fortunately, affected site owners had the sense to seek help, investigate and eventually uncover the scam. Sucuri researchers explain the bogus campaign in detail on their blog.

To keep such scams at bay, site owners are advised to:

·      Review admin users on the site, remove any bogus accounts and update/change all wp-admin passwords

·      Secure the wp-admin administrator page

·      Change other access point passwords (database, FTP, cPanel, etc)

·      Place the website behind a firewall

·      Keep regular backups of site content in case the site ever suffers a real ransomware attack

On the even brighter side, at the time of writing the scammers’ digital wallet had no digital currency to its name. While cunning, the campaign seems to have had zero success duping WordPress clients.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant Phishers Targeting Victims with ‘Free’ PCR Test for Omicron COVID-19 Variant
Filip TRUȚĂ

December 03, 2021

2 min read
WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out WordPress Plugin Vulnerability Affected More than 80,000 Websites; Patch Is Now Out
Silviu STAHIE

December 03, 2021

1 min read
Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack Man charged with Ubiquiti data breach and extortion was employee assigned to investigate hack
Graham CLULEY

December 03, 2021

2 min read