Aussie site caught up in CryptXXX ransomware-spreading campaign

By

Dunlop's site compromised, users redirected to exploit kit.

Attackers are targeting business websites through a vulnerable version of the Revslider slideshow plugin for Wordpress to spread the CryptXXX ransomware.

Aussie site caught up in CryptXXX ransomware-spreading campaign

Security vendor Invincea warned that the SoakSoak botnet, active since 2014, is currently scanning for websites running a vulnerable version of Revslider.

Once a vulnerable installation is found, SoakSoak adds a redirection script to another website that contains the popular Neutrino exploit kit. Neutrino looks for security tools and debuggers on the target system, and if none are found, it drops the CryptXXX ransomware.

CryptXXX appeared in April this year and attacks Microsoft Windows computers. Files scrambled by the latest version of the ransomware cannot yet be decrypted. The ransom is set at 2.4 bitcoin, or A$2154, to obtain a decryptor from the extortionists.

Invincea listed a number of websites it discovered had been compromised, including that for Australian building supplies and adhesives business Dunlop.

Dunlop parent Ardex Australia said it was "currently investigating" the weakness and declined to elaborate.

A vulnerable version of the RevSlider plugin for Wordpress was behind the March 2015 compromise of the New South Wales government GovDC website. In December 2014, over 100,000 sites with the Revslider plugin were compromised in a single day.

Invincea has collated a list of global business sites currently compromised by the SoakSoak ransomware-spreading campaign.

The firm warned that botnets are constantly scanning webservers around the world, looking for vulnerable plugins, themes or outdated content management systems, to exploit for redirections to exploit kits.

It advised admins to monitor their sites, keep them fully patched and to remove any themes and plugins are not in use.

Update: Ardex IT supervisor Jürgen Mertin said the vulnerability was removed within an hour after the company was advised of the vulnerability by iTnews. He said the company had not been notified of the issue by Invincea.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
malwareransomwaresecurity

Sponsored Whitepapers

Gaining a Competitive Advantage with Communication APIs
Gaining a Competitive Advantage with Communication APIs
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack
Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data
Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?