The security firm Sucuri found that hundreds of WordPress websites were targeted with ransomware attacks. These websites were defaced over the weekend with a message saying that their websites were locked and demanded 0.1 bitcoin( Rs.4,34,817.31) to be transferred to an account.
The attackers also added a time limit to the exchange causing a lot of panic amongst non-technical users who use WordPress.
The reason why these attacks have been labelled fake is because not all the pages of the websites are locked meaning the ransom note only appears on certain pages and not the entire domain. This is probably the reason why none of the people have paid the ransom amount yet.
Certain websites were immediately able to clear and restore their websites again suggesting that the ransom was fake. Sucuri found that the attackers were able to exploit a WordPress plug-in called Directorist and that is how they gained control of the websites.
This attack seems to be a sort of ‘scareware’ that instead of actually causing real damage, simply puts the malware in place to cause panic and anxiety. However, in this case the owners should have trouble restoring the sites from backups and then replacing the files with cleaned versions. Sucuri found that none of the websites were encrypted.