Security News > 2021 > November > WordPress sites are being hacked in fake ransomware attacks
A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration.
The researchers discovered that the websites had not been encrypted, but rather the threat actors modified an installed WordPress plugin to display a ransom note and countdown when.
In addition to displaying a ransom note, the plugin would modify all the WordPress blog posts and set their 'post status' to 'null,' causing them to go into an unpublished state.
As for the plugin seen by Sucuri, it was Directorist, which is a tool to build online business directory listings on sites.
Sucuri has tracked approximately 291 websites affected by this attack, with a Google search showing a mix of cleaned-up sites and those still showing ransom notes.
All of the sites seen by BleepingComputer in search results use the same 3BkiGYFh6QtjtNCPNNjGwszoqqCka2SDEc Bitcoin address, which has not received any ransom payments.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- Schools bombarded by nation-state attacks, ransomware gangs, and everyone in between (source)
- BianLian ransomware claims attack on Boston Children's Health Physicians (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Tech giant Nidec confirms data breach following ransomware attack (source)