WordPress Websites Hit by Fake Ransomware

wordpress ransomware

Researchers working with Sucuri spotted an unusual and slightly funny malicious campaign. A number of WordPress pages have been hit with what only visually looks like ransomware.

The WordPress owner is met with an alarming page showing a blank, black screen with bold red text on it, informing them that their site has been encrypted. This fake message is accompanied by the most convincing element that is also found in legitimate ransomware very often - a timer ticking down.

Victims of this unusual attack that has very little to do with ransomware apart from the scary message are told to pay 0.1 Bitcoin or roughly the equivalent of just under $6,000 using today's exchange rate. The text says the bad actors expect the crypto payment on the given wallet "for restore".

Thankfully to anyone affected by this weird attack, this screen is more of a smokescreen intended to confuse and scare the victim into playing along.

Sucuri researched the attack after a WordPress site owner contacted them when they got the alarming message. The page displaying the counter turned out to be a simple HTML file. The research team called the code used in the HTML to generate the scary message "very simple". The countdown timer is not tied to any real ransomware either and is just a couple dozen lines of PHP code.

All it took for the security team to flush the site clean of the fake "infection" and restore it to working order was to remove a bad plugin that generated the scary but fake ransomware notice. However, as the plugin got removed, it executed an SQL command that went through the entirety of the WordPress site's articles and flagged any "published" ones as "null", causing 404 errors and missing articles.

This last parting gift from the weird malicious campaign was equally ineffective because it was reversible with a single line of SQL and all articles could be restored in a snap.

It seems threat actors are slowly figuring out that you don't need to code complex payloads, configure or set up actual ransomware infrastructure when a simple scare can be just as effective a lot of the time. Social engineering relies on fear and pressure and given the modest sum asked in the ransom note, it is hard to tell how many websites actually caved in and paid the 0.1 Bitcoin.

By Zaib
November 18, 2021
Computer Security
English
November 18, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Computer Security

US Candymaker Hit by Ransomware

It seems ransomware threat actors cannot pass up on any opportunity to seize the moment and make the most of every single topical or seasonal opportunity that opens up. The latest ransomware attack that made headlines... Read more

October 21, 2021
Computer Security

Consulting Giant Accenture Hit by LockBit Ransomware

The criminal organization running the LockBit ransomware service published an announcement that it had successfully breached the defenses of consulting giant Accenture. The hackers claimed that they will soon start... Read more

August 12, 2021
Computer Security

Ransomware Threat Actor REvil Websites Go Offline

In the early hours of June 13 all the websites operated by REvil - one of the biggest active ransomware threat actors - went offline. There is no hard information regarding the cause of the blackout. At this point in... Read more

July 14, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.