
Fake Ransomware Attack Surge Reported

20th December 2021 | Blog | 4 min read

Ransomware is one of the most distressing forms of cyber attack a business can suffer, and providers in IT support in Doncaster are only too aware that firms in the city can be targeted as much as anywhere else.

Attacks can come from various places around the globe, but the location is of less significance than the nature and impact of the attacks. For example, ransomware that impacts essential services such as healthcare could have a major impact by denying access to vital patient information if the ransom is not paid.

However, it is not just real ransomware that firms and individuals need to be aware of. There is also the potential risk of fake ransomware attacks, in which the intent is still to extort money, but the cyber criminal has no actual capacity to carry out their threats.

A sudden increase in such cases has occurred since the start of this month, when cyber security firm Sucuri was hired to respond to an incident from one of the victims in the US.

The fake attack was being carried out on WordPress sites, with each of them declaring that the site had been encrypted and carrying the instruction “FOR RESTORE SEND 0.1 BITCOIN”. This figure in the cryptocurrency is worth over $6,400 (£4,500) at present.

However threatening this may have sounded, there was one detail that did not stand up. The threat was a completely false one, because the sites had not been encrypted at all. All the hackers had managed to do was reset all published documents to ‘unpublished’ status, making it look as though they had been encrypted.

In addition, the hackers, who had managed to log in as admins, had altered an installed WordPress login that displayed the ransom note and a countdown. The latter related to a fake deadline by which the ransom had to be paid to avoid the threat being carried out.

Thankfully, the system fix was simple; everything could be easily reset and all 291 cases of this fake ransomware threat investigated by Sucuri were solved. Moreover, there are relatively simple things firms can do to stop this kind of fake threat arising, like keeping admin users under review, backing up the site and installing a firewall.
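The check below shows how a site owner with a backup could confirm that content was only hidden rather than encrypted, and then republish it. It is an added example, not code from Sucuri or from the original article. It assumes WordPress's standard `wp_posts` columns, uses an in-memory SQLite table as a constructed stand-in for the site's MySQL database, and uses `draft` as an assumed value for the 'unpublished' status.

```python
import hashlib
import sqlite3

def make_db(rows):
    """Constructed stand-in for WordPress's wp_posts table (real sites use MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_type TEXT, "
               "post_status TEXT, post_content TEXT)")
    db.executemany("INSERT INTO wp_posts VALUES (?, ?, ?, ?)", rows)
    return db

def snapshot(db):
    """Map post ID -> (status, SHA-256 of content) for posts and pages."""
    query = ("SELECT ID, post_status, post_content FROM wp_posts "
             "WHERE post_type IN ('post', 'page') ORDER BY ID")
    return {pid: (status, hashlib.sha256(content.encode()).hexdigest())
            for pid, status, content in db.execute(query)}

def triage(backup_db, live_db):
    """Compare live content with the backup: hidden, altered or missing."""
    before, after = snapshot(backup_db), snapshot(live_db)
    report = {"hidden": [], "altered": [], "missing": []}
    for pid, (old_status, old_hash) in before.items():
        if pid not in after:
            report["missing"].append(pid)
        elif after[pid][1] != old_hash:
            report["altered"].append(pid)   # content changed: restore from backup
        elif old_status == "publish" and after[pid][0] != "publish":
            report["hidden"].append(pid)    # same content, only the status flipped
    return report

def restore_hidden(live_db, ids):
    """Republish posts whose content matches the backup byte for byte."""
    live_db.executemany("UPDATE wp_posts SET post_status = 'publish' WHERE ID = ?",
                        [(pid,) for pid in ids])
    live_db.commit()
    return len(ids)

# Constructed sample data; 'draft' is an assumed value for the "unpublished" status.
BACKUP = [(i, "post", "publish", f"<p>Article {i}</p>") for i in range(1, 5)]
BACKUP.append((5, "post", "draft", "<p>Unfinished piece</p>"))
LIVE = [(i, "post", "draft", f"<p>Article {i}</p>") for i in range(1, 5)]
LIVE.append((5, "post", "draft", "<p>Unfinished piece</p>"))

if __name__ == "__main__":
    backup_db, live_db = make_db(BACKUP), make_db(LIVE)
    report = triage(backup_db, live_db)
    print(report)
    print("republished:", restore_hidden(live_db, report["hidden"]))
    print(triage(backup_db, live_db))
```

Diffing against the backup keeps post 5, a genuine draft, out of the republish list, which a blanket status reset would not.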

While this particular threat proved to be something of a paper tiger, it could still fool some firms into paying the money (or cryptocurrency).

In addition, there are still some genuine major threats out there that can have a truly major impact.

A case study by cyber security firm Acronis earlier this year detailed the five biggest attacks of this kind in the UK.

Among these was the WannaCry attack in 2017, which affected 150 countries and also shut down NHS computers in Britain, forcing staff to revert to using pen and paper and accessing online services via mobile phones.

Others included Eurofins Scientific, a provider of scientific and forensic services, which reportedly paid the ransom to restore access to its blood samples database, while pharmaceuticals firm Reckitt Benckiser lost £107 million in an attack by the NotPetya ransomware.

In other cases, the British and Foreign Bible Society was fined after a major cyber attack exposed customer card details, and the Police Federation of England and Wales suffered an attack that prevented access to email and data services.