Sucuri Experts reportedthat hundreds of sites running WordPress were defaced over the past weekend. The message of the attackers said that the data of the affected sites was encrypted, but experts say that in fact there were no ransomware attacks.
As you can see in the screenshot above, the hackers demanded 0.1 bitcoin (approximately $6,100) from the management of the affected resources to unlock it. If you search for the text of the extortionate note in Googleit turns out that more than 300 sites suffered from such attacks.
At the same time, the researchers note that the ransom message is displayed only on some pages of sites, and by no means everywhere. That’s probably why no one has yet didn’t pay ransom for hackers. In addition, many pages have already been cleared of defacement, which, it seems, did not cause difficulties for administrators.
Sucuri Reports Ransom Message Was Injected into Websites Through Plugin Vulnerabilities directorist, which was already installed on the affected resources. At the same time, no signs of real data encryption were found.
Source: xaker.ru