According to researchers, new malware has been found attacking WordPress sites across the globe. A ransomware variant named EV ransomware has emerged that is designed to target only WordPress sites. Studies say the malware aims to lock the WordPress site and deny its owner access, and then demands that the publisher pay a sum of money. The payment is supposed to guarantee restoration of the files and access to them. The WordPress security researchers known as the Wordfence team flagged several attempts by cyber crooks to upload malware with the ability to encrypt a WordPress website's files. Once loaded, the ransomware manages to compromise the website. This relatively new breed of ransomware holds the WordPress website hostage and asks for payment for its release. Estimates are that more than $5 million is extorted from victims each year by ransomware. Yet the cyber security team encourages victims not to pay the ransom. This is possibly for two reasons: first, there is no guarantee that your data will be returned, and second, paying encourages extortionists to continue ransomware attacks.
More About EV Ransomware
Once uploaded successfully to the victim's system, the ransomware directly targets the website and encrypts the crucial site files needed to run it. However, the malware is reported to skip files on the WordPress site whose names match the following patterns:
*.php* *.png* *404.php* *.htaccess* *.lndex.php* *DyzW4re.php* *index.php* *.htaDyzW4re* *.lol.php*
Soon after encryption, the virus contacts the attacker and communicates the decryption keys, which are sent to the email address 'email@example.com'. The virus also deletes all the original files and replaces them with encrypted copies that have the .ev file extension added to them.
Bad News For Victims
Unfortunately, the cyber crooks have failed to build a decryption mechanism, although they have made it possible to encrypt a WordPress site's key files. This clearly shows that the crooks are only trying to trick publishers into paying money. Thus the team warns that the ransomware is able to encrypt files but does not actually provide a working decryption algorithm, so it is useless to pay.
Prevention Tips Against EV Ransomware
A single attack attempt was first seen on July 7. However, a large number of people and organizations do pay the ransom to attackers when they are hit by ransomware and, surprisingly, their files are successfully decrypted. Yet security experts advise victims not to pay the crooks, as it merely encourages attackers to spread this kind of infection on a large scale.
Despite the above, some protection tips against EV ransomware have been issued to users. The first and foremost is not to pay the attackers but to contact the website hosting provider immediately to recover the encrypted files from a system backup. Users can minimize the risk of infection with such malware by keeping their installation up to date and by securing their crucial and important accounts as well as possible. Creating regular backups of data will help in restoring lost files. User awareness of possible online hazards plays a key role in data security practice. Moreover, add a firewall or antimalware software as a measure against threats and to increase protection. Indeed, though the ransomware is incomplete, it still has the potential to extort money, security experts added.
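To support the backup-recovery tip above, the following Python script is an added example (not code from this article or from Wordfence) that inventories a site directory: it lists the originals that now exist only as .ev copies and must be restored, and the files the skip list would have left unencrypted. The function names `triage` and `build_sample_site` are hypothetical, the sample tree is constructed, and reading the article's skip patterns as shell-style globs on the file name is an assumption.

```python
import fnmatch
import os
import tempfile

# Skip patterns exactly as listed in the article; reading them as
# shell-style globs on the file name is an assumption of this example.
SKIP_PATTERNS = ["*.php*", "*.png*", "*404.php*", "*.htaccess*", "*.lndex.php*",
                 "*DyzW4re.php*", "*index.php*", "*.htaDyzW4re*", "*.lol.php*"]
ENC_EXT = ".ev"  # extension the article says is added to encrypted copies

def triage(site_root):
    """Sort every file under site_root into restore / skipped / review."""
    report = {"restore": [], "skipped": [], "review": []}
    for dirpath, _dirs, files in os.walk(site_root):
        present = set(files)
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, site_root).replace(os.sep, "/")
            original = name[:-len(ENC_EXT)]
            if name.endswith(ENC_EXT) and original and original not in present:
                # Original was deleted: record the path to pull from backup.
                report["restore"].append(rel[:-len(ENC_EXT)])
            elif name.endswith(ENC_EXT):
                report["review"].append(rel)  # .ev file beside a live original
            elif any(fnmatch.fnmatch(name, p) for p in SKIP_PATTERNS):
                report["skipped"].append(rel)
            else:
                report["review"].append(rel)  # neither encrypted nor on skip list
    return report

def build_sample_site(root):
    """Constructed sample tree, not taken from a real incident."""
    layout = ["index.php", ".htaccess", "wp-config.php",
              "wp-content/themes/demo/style.css.ev",
              "wp-content/themes/demo/logo.png",
              "wp-content/uploads/report.pdf.ev", "wp-content/uploads/notes.txt"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        for bucket, paths in triage(root).items():
            print(bucket, sorted(paths))
```

Files in the skipped bucket were not encrypted, but on a compromised site they should still be compared against the backup before being trusted.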