Ransomware spreading through an aggressive campaign Print

  • malware, security
  • 47

Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains.

The campaign, called Realstatistics, has tainted thousands of sites built on both Joomla! and WordPress content management systems. Researchers with security company Sucuri observed the campaign injecting bogus analytics code, including the url realstatistics[.]info, into the PHP template of infected sites over the past few days.

In a post to the company’s blog on July 6th, 2016, Sucuri CTO and founder Daniel Cid claimed the campaign was redirecting visitors first to the Neutrino Exploit Kit. If the kit was able to successfully exploit either a Flash or PDF reader vulnerability, it left them saddled with the ransomware du jour, CryptXXX.

Cid said a division of his company that helps identify and remove website infections has been monitoring the campaign for two weeks and that they’ve observed at least 2,000 sites affected by the campaign. He said the number of hacked sites may be upwards to five times that, given the team is only looking at sites that use the company’s scanner.

It’s unclear exactly how the attackers have been able to infiltrate both content management systems to spread the code. According to Sucuri, which performed a fingerprint of the affected sites, 60 percent are running either out of date Joomla! or WordPress builds, and 90 percent are running a CMS they were able to fingerprint, suggesting a common vulnerability, perhaps one already patched in an outdated plugin or extension used by sites, unites the two.

What to do best?

This only emphasizes the need to keep your site software up to date to avoid chances to be hacked. In your account you have a mix of free and commercial tools, consider using them to prevent being infected with malware. If you don't have time or expertise to do the right choices, contact us to get a free audit and offer for protecting your website,

If the things have gone already awry, then the best thing you can do is to seek for professional help!

Was this answer helpful?

« Back