As of middle of August, researchers have concluded that multiple ransomware variants, starting with EV ransomware have emerged targeting WordPress sites. The viruses aim to lock out the WordPress page, denying access to it and demanding website publishers to pay hefty ransom fees in order to restore access.
Cyber-security researchers, known as the Wordfence team have reported to track a ransomware virus, known as EV Ransomware, which was reported to lock out WordPress sites after which displays the following ransom note:
After looking into it, the Wordfence team established that the cyber-criminals upload the ransomware directly on the website and this makes it possible to encrypt the crucial site files used to run it. The types of files skipped for encryption by this ransomware virus on WordPress sites are reported to be:
→ *.php* *.png* *404.php* *.htaccess* *.lndex.php* *DyzW4re.php* *index.php* *.htaDyzW4re* *.lol.php*
The virus also communicates with the attacker as well, communicating the decryption keys by sending them to the e-mail firstname.lastname@example.org.
The virus also deletes the original files and replaces them with encrypted copies of them that have the .EV file extension added to them.
The Bad News
While the cyber-crooks have made it possible to encrypt a WordPress site’s key files, they have not managed to make a decryption mechanism, meaning that the attackers may only be trying to trick website publishers into paying the ransom.
If your WordPress site is among the infected with this virus, it is strongly advisable to not pay any type of ransom to them, primarily because you may not get your site unlocked.
What to Do If My Site Is Encrypted
If you are one of the victims of this virus, it is strongly inadvisable to pay anything. Instead, you should immediately contact your website hosting provider in order to recover the .css encrypted files via system backup. And if you have a backup set up and restore your files this way, you should immediately add a firewall to your server as a measure against anyone trying to upload malware on your WordPress blog. The way a firewall protects you is that it may block any possible attempt to interfere with the website.
Furthermore, in order to increase protection, experts also advise victims to focus on storing their backed up data either online in the cloud or offline. For more information on how to safely store data, please see the related article below.