The users of WordPress, one of the most popular website creation and management tools in the world, have been attacked by a cyber security company called Sucuri. But these attacks were actually partially fake attacks. It all started when a website owner asked Sucuri to investigate after what he saw on his site.
Visitors to the page were encountering an article stating that the website was ‘encrypted’. At the bottom of this article, there is a timer, and below it, 0.1 Bitcoin was requested to be sent to the specified crypto money wallet in order to restore the site to its normal state. This attack was seen on nearly 300 websites. But the website was actually not encrypted at all.
A request for money was made by making a fake attack with the plugin:
According to Sucuri’s research, the people who did this didn’t actually encrypt the site. Instead, they installed a WordPress plugin called ‘Directorist’, which they played on, on their website, and thanks to this plugin, these articles appeared before the visitors of the site. In addition, the plugin they prepared was unpublishing all posts in WordPress.
However, it is still unknown how the attackers accessed the panels of the websites. According to Sucuri’s research, these people gained access to the administration panels of websites either by brute force (continuously trying different password combinations) or by purchasing information sold on the dark web.
It was too easy to dodge the attack. All one had to do was log into the WordPress admin panel, delete the relevant plugin and republish all the pages and posts. Thus, the website continued its life as if the attack had never happened. The attack can still be seen on some websites.
18818
