1 min read

Over 2,000 WordPress- and Joomla-Based Sites Infected with CryptXXX Ransomware

Luana PASCU

July 07, 2016

Over 2,000 WordPress- and Joomla-Based Sites Infected with CryptXXX Ransomware

At least 2,000 sites built on WordPress and Joomla! content management systems have been infected with CryptXXX ransomware, following a mass infection campaign in the past two weeks, web security firm Sucuri revealed.

The campaign has been growing the last two days and hit at least 2,000 sites based on our limited telemetry data from the SiteCheck scanner, said Daniel Cid, Founder & CTO. We assume the real number of hacked sites is at least 5x bigger, since we are limited to sites that used our scanner. The first indicator of a site affected by this campaign can be traced to Jun 9th, which is when we think the campaign first started.

The hackers exploited plugin vulnerabilities, their campaign infecting at least 100 sites daily. Once the sites were infected, the users were redirected to a site hosting the Neutrino Exploit Kit which infected their device with CryptXXX ransomware by exploiting the browser through either Flash or PDF reader vulnerabilities.

The attacker is likely targeting common vulnerabilities across either platform, and the updated instances are likely residual effects of being in the same environment. Note however, that the vulnerability being used is likely not in the core, but in the extensible components like plugins and extensions, Cid added.

The campaign has been named “Realstatistics” because the domains used were realstatistics[.]info and realstatistics[.]pro.

As of July 3, Google has been detecting and blacklisting sites containing the malicious code.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read