According to a study conducted by a cybersecurity company, hundreds of WordPress-based websites have become victims of fake ransomware attacks. The attackers made a slight change to the website with the help of a WordPress plugin, demanding money.
According to a study by a cybersecurity company called Sucuri, users of WordPress, one of the most popular internet site creation and management tools in the world, have been subjected to a major attack. But these attacks were actually partially fake attacks. It all started when a website owner requested an investigation into Sucuri after what he saw on his site.
People who visited the page were faced with a post stating that the website was ‘encrypted’. At the bottom of this article there is a time counter, and under it it it was requested to send 0.1 Bitcoin to the specified crypto currency wallet to ensure that the site is returned to its normal state. This attack had been seen on about 300 websites.
A fake attack was made with the plugin to request money:
According to Sucuri's research, the people who did this didn't really encrypt the site. Instead, they installed a WordPress plugin called ‘Directorist’ that they played on on their website, and thanks to this plugin, these articles appeared in front of those who visited the site. In addition, the plugin they prepared was removing all posts on WordPress from the publication.
But it is still unknown how the attackers got access to the panels of Internet sites. According to Sucuri's research, these people gained access to the administration panels of internet sites either by brute force (constantly trying different password combinations) by trying passwords, or by purchasing information sold on the dark web.
It was too easy to survive the attack. All a person had to do was go to the WordPress admin panel, delete the corresponding plugin, and republish all pages and posts. Thus, the website was continuing its life as if the attack had never happened.
Turkey (Türkçe)
Worldwide (English)
