Russian security firm Dr Web is estimating that more than 2,000 websites have been infected by ransomware known as Linux.Encoder.1, and the number of infections appears to be rising. Most of the infected sites are running WordPress or older versions of the Magento content management system. The malware encrypts directories and files, and it demands one bitcoin in exchange for instructions on how to decrypt files.
BitDefender is offering a free tool to decrypt the files without paying the ransom, but the ransomware is still a hassle for website administrators.
Website owners are encouraged to update to the latest version of their content management system. The most recent update for Magento eliminates the vulnerability that allows the Linux.Encoder.1 attack.