

Ransomware spreading through an aggressive campaign




Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains.

The campaign, called Realstatistics, has tainted thousands of sites built on both the Joomla! and WordPress content management systems. Researchers with security company Sucuri observed the campaign injecting bogus analytics code, including the URL realstatistics[.]info, into the PHP template of infected sites over the past few days.
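A site owner can check for this indicator by searching the PHP files under the web root for the domain. The scanner below is an added example, not code from Sucuri or from this article; the file extensions, the sample tree and the sample lines are constructed assumptions, and only the domain comes from the text above.

```python
import os
import re
import sys

# Indicator from the article, kept defanged in source and re-armed in memory only.
INDICATOR = "realstatistics[.]info".replace("[.]", ".")
# Match the domain or a subdomain of it, but not a longer look-alike label.
PATTERN = re.compile(rb"(?<![a-z0-9-])" + re.escape(INDICATOR.encode()) + rb"(?![a-z0-9-])", re.I)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumed template extensions


def scan_webroot(webroot):
    """Return sorted (relative_path, line_number) pairs for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # bytes: templates may not be UTF-8
                    for lineno, line in enumerate(fh, 1):
                        if PATTERN.search(line):
                            hits.append((os.path.relpath(path, webroot), lineno))
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits)


def build_sample_tree(root):
    """Write a small constructed site tree (not real infected files)."""
    samples = {
        "wp-content/themes/demo/header.php":
            f'<?php // constructed ?>\n<head>\n<script src="//{INDICATOR.upper()}/x.js"></script>\n',
        "templates/demo/index.php": f"<?php\n// cdn.{INDICATOR}\n",
        "templates/demo/lookalike.php": f"<?php // not{INDICATOR}\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel_path, lineno in scan_webroot(target):
        print(f"{rel_path}:{lineno}: reference to {INDICATOR}")
```

A hit identifies a file to inspect and restore from a known-good copy; a clean result covers only this one indicator.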

In a post to the company’s blog on July 6th, 2016, Sucuri CTO and founder Daniel Cid claimed the campaign was redirecting visitors first to the Neutrino Exploit Kit. If the kit was able to successfully exploit either a Flash or PDF reader vulnerability, it left them saddled with the ransomware du jour, CryptXXX.

Cid said a division of his company that helps identify and remove website infections has been monitoring the campaign for two weeks and has observed at least 2,000 sites affected by it. He said the number of hacked sites may be upwards of five times that, given the team is only looking at sites that use the company’s scanner.

It’s unclear exactly how the attackers have been able to infiltrate both content management systems to spread the code. According to Sucuri, which fingerprinted the affected sites, 60 percent are running out-of-date Joomla! or WordPress builds, and 90 percent are running a CMS the company was able to fingerprint. That suggests a common vulnerability unites the two, perhaps an already-patched flaw in an outdated plugin or extension used by the sites.

This only emphasizes the need to keep your site software up to date to reduce the chance of being hacked. If you lack the resources, time or knowledge to do this, you can hire us to keep your site safe.


