Hundreds of WordPress sites have been found to be encrypted in an attack known as “Fake Ransomware”.

Fake Ransomware Infection Spooks Website Owners
Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results f...

The attackers are demanding 0.1 bitcoin (about $6,100) to unlock the affected websites.

According to a Google search of the text in the ransom note, this attack appears to have affected at least 300 sites so far.

But a closer look shows that no one has paid the ransom demand so far, as the ransom message only appears on a few selected pages within the site’s domain, and not on the entire website.

We have examined the sites that still display this message and found no evidence of encryption or errors that would prevent users from using the rest of the site.

According to Sucuri, the ransom demand message was generated by exploiting a vulnerability in the WordPress plugin Directorist, which was already installed on the affected site.

https://wordpress.org/plugins/directorist/

At present, this attack is believed to be a type of “scareware” that threatens non-technical website owners and demands payment of a ransom.

But even if attackers were able to encrypt the data on a site, it appears that there have been few successful ransomware attacks on websites in the past.

This is because most site owners can restore their sites, including any encrypted files, from backup with the push of a button in their web hosting control panel.
