Last Updated on 22/11/2021 by Sunaina
WordPress sites have recently been subjected to a slew of cyber-threats. The consensus is that WordPress isn’t having a good time, whether it’s because of site takeovers or plugin vulnerabilities.
Last week, a wave of assaults targeted 300 WordPress sites, showing false encryption alerts and demanding 0.1 Bitcoin in ransom. Furthermore, by including a countdown timer, these ransom demands create a sense of urgency and terror. This appears to be a typical ransomware attack.
The websites were not encrypted, according to the researchers. The threat actors simply changed the settings of a plugin called Directorist to display a ransom letter and a countdown. As a result, this is a bogus ransomware assault.
One of the most well-known Content Management Systems (CMS) is WordPress. This, on the other hand, suggests that it is a top target for cybercriminals attempting to infect websites. The attackers used brute-force or stolen credentials purchased on the dark web to log in as admins on the sites. These attacks do not appear to be isolated; rather, they appear to be part of a larger effort, implying that they may have purchased credentials on underground markets.
When utilising popular CMS systems, keep an eye out for upgrades and software patches. Also, be cautious about the plugins you use. The current danger to WordPress websites is not a one-time event, and it is likely to continue in the future. Experts believe that true encryption assaults will occur in the future.