WordPress Ransomware Attacks On the Rise (.EV Ransomware) - How to, Technology and PC Security Forum | SensorsTechForum.com
NEWS

WordPress Ransomware Attacks On the Rise (.EV Ransomware)

As of middle of August, researchers have concluded that multiple ransomware variants, starting with EV ransomware have emerged targeting WordPress sites. The viruses aim to lock out the WordPress page, denying access to it and demanding website publishers to pay hefty ransom fees in order to restore access.

Cyber-security researchers, known as the Wordfence team have reported to track a ransomware virus, known as EV Ransomware, which was reported to lock out WordPress sites after which displays the following ransom note:

Image Source: Wordfence

After looking into it, the Wordfence team established that the cyber-criminals upload the ransomware directly on the website and this makes it possible to encrypt the crucial site files used to run it. The types of files skipped for encryption by this ransomware virus on WordPress sites are reported to be:

→ *.php* *.png* *404.php* *.htaccess* *.lndex.php* *DyzW4re.php* *index.php* *.htaDyzW4re* *.lol.php*

The virus also communicates with the attacker as well, communicating the decryption keys by sending them to the e-mail [email protected]

The virus also deletes the original files and replaces them with encrypted copies of them that have the .EV file extension added to them.

The Bad News

While the cyber-crooks have made it possible to encrypt a WordPress site’s key files, they have not managed to make a decryption mechanism, meaning that the attackers may only be trying to trick website publishers into paying the ransom.

If your WordPress site is among the infected with this virus, it is strongly advisable to not pay any type of ransom to them, primarily because you may not get your site unlocked.

What to Do If My Site Is Encrypted

If you are one of the victims of this virus, it is strongly inadvisable to pay anything. Instead, you should immediately contact your website hosting provider in order to recover the .css encrypted files via system backup. And if you have a backup set up and restore your files this way, you should immediately add a firewall to your server as a measure against anyone trying to upload malware on your WordPress blog. The way a firewall protects you is that it may block any possible attempt to interfere with the website.

Furthermore, in order to increase protection, experts also advise victims to focus on storing their backed up data either online in the cloud or offline. For more information on how to safely store data, please see the related article below.

Related:Safely Store Your Important Files and Protect Them from Malware

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...