WordPress sites hacked in fake ransomware attacks
Date:
Wed, 17 Nov 2021 11:42:15 +0000
Description:
Attackers compromised WordPress sites to install a bogus plugin that unpublished all pages and displayed a fake ransomware notice.
FULL STORY ======================================================================
Security researchers have found that close to 300 WordPress websites have
been defaced to display fake attack notices, in order to trick the site
owners into paying 0.1 bitcoin (BTC) for restoration.
Accompanying the ransom demands were countdown timers, added to create more panic and further pressure the owners into paying the ransom.
The deception behind these attacks was discovered by cybersecurity firm
Sucuri, which was hired by one of the victims to perform incident response on
the supposed attack.
As soon as they began their investigation, the researchers discovered that
the websites' pages had not been encrypted, and that the notice was fake.
Clever deception
The researchers said that the attack had all the hallmarks of a genuine ransomware campaign, as it seemed to suggest that the website had been encrypted. While the 0.1 BTC demand was considerably less than what is demanded in typical ransomware attacks, it still comes to over $6000, which
is a considerable amount of money.
"Before panicking and paying the ransom (or completely re-building their website from scratch) thankfully some website owners hired us to take a look," writes Sucuri, which had tackled ransomware attacks on websites earlier.
However, as soon as they looked inside the web server, they discovered that the files weren't encrypted. Instead, the warning turned out to be a simple HTML page generated by a bogus WordPress plugin.
In addition to displaying the message and the timer, the plugin issued a simple SQL command to find any posts and pages that had the "publish" status and changed it to "null", which would make all pages return a 404 error and lend credibility to
the fake attack.
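A triage and restore query for the status change described above, as an added example that is not from the article or from Sucuri. It assumes MySQL/MariaDB, the default wp_ table prefix, that the tampered status is stored as the literal string 'null', and that the bogus plugin has already been removed; ir_null_status_posts is a hypothetical table name.

```sql
-- Added example: assumes MySQL/MariaDB and the default "wp_" table prefix.
-- post_status is a NOT NULL varchar in the stock WordPress schema, so the
-- tampered value is assumed to be the literal string 'null', not SQL NULL.

-- 1. Status distribution for posts and pages. Almost nothing in 'publish'
--    and a large 'null' bucket matches the behaviour described above.
SELECT post_type, post_status, COUNT(*) AS n
FROM wp_posts
WHERE post_type IN ('post', 'page')
GROUP BY post_type, post_status
ORDER BY n DESC;

-- 2. List the affected rows for review before changing anything.
SELECT ID, post_type, post_title, post_date, post_modified
FROM wp_posts
WHERE post_type IN ('post', 'page')
  AND post_status = 'null'
ORDER BY post_date DESC;

-- 3. Keep a record of exactly which rows are about to be changed
--    (ir_null_status_posts is a hypothetical table name).
CREATE TABLE ir_null_status_posts AS
SELECT ID, post_type, post_status, post_modified
FROM wp_posts
WHERE post_type IN ('post', 'page')
  AND post_status = 'null';

-- 4. Restore inside a transaction and compare the affected-row count
--    with the snapshot before committing.
START TRANSACTION;

UPDATE wp_posts
SET post_status = 'publish'
WHERE ID IN (SELECT ID FROM ir_null_status_posts);

SELECT ROW_COUNT() AS restored,
       (SELECT COUNT(*) FROM ir_null_status_posts) AS expected;

COMMIT;  -- issue ROLLBACK instead if the two counts differ
```

Run step 4 interactively, one statement at a time, so the count comparison can be read before the COMMIT.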
The researchers, however, couldn't determine if the attackers had brute-forced the admin password, or had acquired the already-compromised login from the black market.
======================================================================
Link to news story:
https://www.techradar.com/news/wordpress-sites-hacked-in-fake-ransomware-attacks/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)