Security News > 2021 > November > WordPress sites are being hacked in fake ransomware attacks
A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration.
The researchers discovered that the websites had not been encrypted, but rather the threat actors modified an installed WordPress plugin to display a ransom note and countdown when.
In addition to displaying a ransom note, the plugin would modify all the WordPress blog posts and set their 'post status' to 'null,' causing them to go into an unpublished state.
As for the plugin seen by Sucuri, it was Directorist, which is a tool to build online business directory listings on sites.
Sucuri has tracked approximately 291 websites affected by this attack, with a Google search showing a mix of cleaned-up sites and those still showing ransom notes.
All of the sites seen by BleepingComputer in search results use the same 3BkiGYFh6QtjtNCPNNjGwszoqqCka2SDEc Bitcoin address, which has not received any ransom payments.
News URL
Related news
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack (source)
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Litespeed Cache bug exposes millions of WordPress sites to takeover attacks (source)
- Most ransomware attacks occur between 1 a.m. and 5 a.m. (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Lateral movement: Clearest sign of unfolding ransomware attack (source)