December 1, 2021
A new wave of attacks has affected over 300 WordPress sites, which were displaying fake encryption notices. The attackers are trying to trick the site's owners into paying 0.1 Bitcoin for restoration. As with most ransomware attacks, a timer is set in place to create urgency to pay. After discovering that many of the websites they discovered were not encrypted, researchers deduced that the attackers had modified a WordPress plugin to allow them to display a ransom note, which would then cause them to enter an unhidden state. The actors then created a simple but powerful illusion that the site was encrypted. By removing the plugin, the site returned to its usual state.
Are you ready to take the next one?
Get in touch with DRPSEC and claim your free consultation.
stay updated - stay safe