Today is a very sunny day, but cloudy online. After the hack of the webpage of the Ukranian ministry of Energy as shown in figure 1 below.
http://www.mev.gov.ua was displaying this ransomware message before, but later the site was taken down now displaying that it is running an Apache HTTP server on a CentOS server as in the figure 2 below. Meaning the administrator took it offline.
As an investigator, I decided to run a secure search with the terms ”ooops, your website have been encrypted ” using DuckDuckgo as a search engine, and all the sites hacked were indexed as show in figure 3 below.
Too many websites , victims as of today of the ransomware attack. All those live websites displaying the same message, the attackers even included music this time. The clock showing the time left to pay the ransom.The currency accepted is Bitcoin because it wont be possible to know who received the money.
The only way to bypass this it to make sure that the vulnerability used by the software and third party applications have been patched.