Ransomware actors turn attention to holding websites hostage

By
Ransomware actors turn attention to holding websites hostage

Ransomware actors are looking for new targets. According to security vendor WordFence that target appears to be WordPress-powered websites.

Hot on the heels of WannaCry and NotPetya ransomware actors are looking for new targets. According to security vendor WordFence that target appears to be WordPress-powered websites.
 
"During our analyses of malicious traffic targeting WordPress sites" the report states "we captured several attempts to upload ransomware that provides an attacker with the ability to encrypt a WordPress website's files."
 
For every directory that the 'EV Ransomware' successfully encrypts, an email is generated to inform the attacker of the hostname and key used. The encryption appears to use mcrypt, and the Rijndael 128 algorithm with a SHA-256 hash key.
 
It seems that the attack is badly coded, however, and decryption logic is missing from the supposed 'ransom paid' form. Victims wouldn't be able to regain control of their files even if the ransom were to be paid.
 
This is bad news for those individuals and SME's that tend to favour WordPress on grounds of cost and simplicity. Which doesn't mean that larger enterprises are off the hook; threat actors will turn their attention to the broader web property space if a profit can be made.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Upgrading to Windows 10 is still free, if you use this loophole

Upgrading to Windows 10 is still free, if you use this loophole

What's new in iOS 11?

What's new in iOS 11?

Skylake-X and Kaby Lake X: The Core Wars

Skylake-X and Kaby Lake X: The Core Wars

Review: ReMarkable tablet

Review: ReMarkable tablet