RAMSOMWARE TARGETING WORDPRESS AND THE POTENTIAL OF MYANMAR
Image Source: https://adjm.amebaownd.com/posts/3309036
Wordfence team, a secure website CMS (content manage system ) web plugin of wordpress found a Ramsomware targeted to attack wordpress websites.
Wordfence team is inquiring the beginning root of that ramsomware known as EV ramsomware and they also described how to protect from the ramsomware.
What is ramsomware?
Ramsomware is a dangerous software that is added to the targeted computer or network server by the attacker.
It does control the whole system from its patch and perform following the plans of ramsomware.
Most ramsomware encrypts all the files of the system and the encrypted files cannot be decrypted.
The attackers ask for money from the user and only after that, the attacker decrypt the encrypted files.
In most cases, Bitcoin is paid instead of currency and today value of Bitcoin is 1 Bitcoin=4,072.42 USD.
The reason of using Bitcoin is that it can cover all about the payment processes without being tracked.
The earlier history of ramsomware that got better recently is the ” PC Cyborg trojan horse virus” in 1989.
The lost ghost of the IT field, ramsomware, was being highly developed in early 2017.
As about 36% was developing as year after year, the attacking of ramsomware becomes about 266% for this time and the people being attacked had to pay for average $1077. ( Source: Symantec Threat Report 2017 ).
The attacking of ramsomware in this year was more rough than before and the attacking of Wannacry Ramsomware is affected over hundred people in 150 countries.
UK National Health System was also attacked by WannaCry Ramsomware and it had to move ambulances from the computer system that had been attacked to other places.
In a computerized age, when we have to depend a computer system most, the attacking of computer effects the real life.
In June, a ramsomware named Petya (later called NotPetya or Netya) came out and spread through Ukraine.
Many well known organizations were attacked and it included Energy Company Ukraine, Chernobyl Nuclear Plant, Antonov Company, Maersk Shopping Company and Modelez Kraft Food Ukraine.
For now, the most organizations and and people had to pay the asked cash for receiving their files back.
Sometimes, they could decrypt themselves difficultly.
Security organizations and FBI organizations advised not to pay any cash to the attackers.
Because of the reason that by paying as the attackers ask, more cyber attacking which ask for money eill be happen.
However, the organizations cannot able get back their files without any cash and those continuous criminal cases are happening unavoidably.
Ramsomware targeted WordPress
Most ramsomware targeted window using systems and now, Wordfence could track one kind of ramsomware that targeted wordpress websites.
In their investigation, they said that some dangerous attacking is found in wordpress websites and the sign of uploading many times of ramsomware into the hosting of wordpress CMS.
After uploading ramsomware into the web server, the form of attacker’s asking money to the user can be seen as follows.
Image Source: https://www.wordfence.com/blog/2017/08/ransomware-wordpress/
Both encryption and decryption are included in that screen.
The attacker was choosing a complex key and filled in that KEY ENC/DEC blank and do summit.
The attacked and encrypted website changes into this format.
Image Source: https://www.crenovated.com/ransomware-now-targets-wordpress/
Can be done decrypt?
In recent time, although pay cash to the attacker but the encrypted files cannot be decrypted.
The responsible ones of Wordfence team promised the Premium Wordfence Customers to protect from the disease of ramsomware.
However, by fully backing up our websites, we don’t need to afraid any attacking of ramsomware.
Between the dividing of market of attackers and protecting people, I apprise as a translator that the bounden ones are the users.
Ramsomware and Myanmar’s potential
Whenever cyber attacks are made Myanmar has not been attacked roughly because e-government system has not been use widely by Myanmar.
In 2009 and 2010, because of rough DDOS attacks, Yadanarpon telepost which was the only one ISP was being effected and faced with out of internet connection for many weeks.
We’ve seriously felt the wounds like this other local viruses around the years 2005-2010.
But there was no big affect concern with ramsomware and it was found nothing to say at all about the affect.
It was thought like this because there wasn’t very soon 24 hours online using system was opened and the internet network used transactions were not been the whole country’s standard.
But the attacking of Locky and Ryzerlo ramsomware which were popped up in 2016 was effected some of the users from Myanmar, and so it can’t be think as a careless case.
It’s found that many websites in Myanmar are built by WordPress CMS, e.g, the web of DVB news department, the blog of Ayeyarwaddy news department and others news departments.
A lot of web blogs are also built by WordPress CMS.
Like those websites should beware the ramsomware which are targeting to attack WordPress.
Ref: Wordfence Team: Ramsomware targeting WordPress- An Emerging Threat
