WordPress security experts Wordfence reported recently that they’ve seen ransomware attacks on WordPress sites. One such variant of ransomware is being called “EV Ransomware”.
What does it do?
Ransomware is malicious software which is installed on your computer (or web server) by exploiting a weakness. The software then encrypts your files using strong unbreakable encryption. The attackers then ask for payment, usually via Bitcoin transfer as this is anonymous and therefore untraceable.
Ransomware has been around in various forms since 1989. It is growing fast, with 100 new variants released in 2017 along with a 36% increase in attacks compared with the previous year. The average demand increased by 266% to an average of $1077 per victim.
This year has seen the NHS in the UK affected by the WannaCry ransomware attack in May, followed by attacks on the Ukraine’s state power company, the Chernobyl nuclear reactor, Antonov aircraft, shipping company Maersk and food giant Modelez using Petya ransomware.
The FBI advises those attacked by Ransomware not to pay, as it encourages more attacks. However many do pay, as they don’t have the option to recover their data in any other way.
Ransomware v WordPress
Ransomware has usually been a Windows problem. There is currently, however, a version which targets websites.
Without getting overly technical, the ransomware allows the attacker to encrypt the files but does not provide a working decryption mechanism.
The attacker doesn’t need to prove that they can or will decrypt the site, only to convince the site owner that they should pay the ransom.
DO NOT pay the ransom, as it is highly unlikely that the attacker will or even can decrypt the site for you.
What should you do?
There are a few safeguards you can put in place to protect yourself and your website:
1. Install a firewall (like Wordfence) on your site to protect it.
2. Keep reliable backups – stored in a different location than your website, or they will be encrypted. With a good backup, you can simply restore a version of your website from before the attack to get back online without paying the ransom demands.
3. Make sure your website is updated and monitored on a regular basis to reduce the weak spots available to attackers.
Every one of our clients’ websites is protected and regularly backed up. Our subscription clients’ sites are also monitored, updated and maintained on an ongoing basis.
Stay safe and make sure crime doesn’t pay!