An anonymous reader writes: A group of hackers have created a ransomware strain that specifically targets Drupal sites. Infection occurs thanks to an automated bot which scans Drupal sites and then uses an SQL injection (CVE-2014-3704) to change the site admin’s password. The bot also dumps any emails it finds on the server, and then overwrites the site’s main page to show a typical ransomware note.
Over 400 sites have been infected until now, but nobody has paid the ransom yet. This case yet again proves why “Web ransomware” will never work because even the worst Web hosting service provides automatic backups from where they could retrieve a clean version of their site.
Read more of this story at Slashdot.