I am really not sure where to put this. My website is now showing

"Website is locked. Please transfer 1.4 BitCoin to address 3M6SQh8Q6d2j1B4JRCe2ESRLHT4vTDbSM9 to unlock content."

I am not sure where to begin with this. I googled the error, obviously; it looks like a bunch of other sites using Drupal have also been affected. The ransomware doesn't seem to be related to my servers only.

Comments

babipanghang

Ouch, Drupal ransomware. That's bad.

Anyway, it seems that infected sites haven't been updated, probably hacked with the drupalgeddon leak. You'd better restore from a recent back-up and update to the latest version.

Keep in mind though that it's far from impossible that the attackers left a backdoor in your server outside of drupal itself. In that case, if you're very lucky you can find it and remove it, but more often than not you'll have to wipe the server clean and do a fresh install from scratch :-( .

Did I answer your question on the forums? I love to hear a reply whether or not it worked for you!
Jaap - Acquia certified drupal site builder

Ayesh

I'm sorry you ran into the trouble.
If you wouldn't mind, could you please share the outcome of your situation? A typical Linux server comes with enough tools to encrypt a file with PKI, so if this is true ransomware, it is possible that it actually encrypted everything in your site.

- See if the database content is intact.
- There is a very good chance that they only overwrote the index.php file, which you can always replace from a fresh copy.

If you don't have any custom modules or custom themes, you can even build the entire site without any files (you will need to get the user uploaded files back though).
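Ayesh's advice to check whether only index.php was overwritten generalizes to comparing the whole deployed docroot against a clean copy of the same Drupal release: every file that differs, and every file that exists only on the live server, is something to look at before the site is put back online. The script below is an added example, not code from this thread or from Drupal itself. It builds two small constructed directory trees in a temporary folder (a "clean" copy and a "live" copy with an overwritten index.php and an extra PHP file) and reports the differences; the IGNORE_PREFIXES list and the sample file contents are assumptions for the demo, and on a real site you would point compare_trees() at the unpacked release tarball and the live docroot.

```python
"""
Compare a deployed Drupal docroot against a clean copy of the same
Drupal version.  Reports files whose content differs (for example an
overwritten index.php), files present only in the deployed tree
(unexpected scripts), and files that are missing.
Added example; both trees are constructed in a temporary directory so
the script runs stand-alone.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Paths that legitimately differ between a fresh copy and a live site:
# settings.php carries credentials, files/ carries user uploads.
# Assumption for the demo; adjust for a real site layout.
IGNORE_PREFIXES = ("sites/default/settings.php", "sites/default/files/")


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files are handled cheaply."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_tree(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            if rel.startswith(IGNORE_PREFIXES):
                continue
            result[rel] = sha256_of(full)
    return result


def compare_trees(clean_root: Path, live_root: Path) -> dict:
    """Return sorted lists of modified, added and missing relative paths."""
    clean = hash_tree(clean_root)
    live = hash_tree(live_root)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }


def build_constructed_trees(base: Path) -> tuple:
    """Create a tiny clean tree and a tampered live tree (constructed sample data)."""
    clean = base / "clean"
    live = base / "live"
    clean_files = {
        "index.php": "<?php\n// clean front controller (placeholder)\nrequire 'core.php';\n",
        "core.php": "<?php\n// placeholder for core code\n",
        "sites/default/settings.php": "<?php\n$databases = [];\n",
    }
    live_files = dict(clean_files)
    # Overwritten front controller, as described in the thread.
    live_files["index.php"] = "<?php\necho 'Website is locked.';\n"
    # Expected to differ and therefore ignored by the comparison.
    live_files["sites/default/settings.php"] = "<?php\n$databases = ['prod'];\n"
    # A file that is not part of the clean release at all.
    live_files["misc/cache_helper.php"] = "<?php\n// not present in the clean copy\n"
    for root, files in ((clean, clean_files), (live, live_files)):
        for rel, content in files.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(content)
    return clean, live


def run_demo() -> dict:
    """Build the constructed trees, compare them and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = build_constructed_trees(Path(tmp))
        return compare_trees(clean, live)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

The "added" list is the interesting one when deciding whether a restore is enough: a file that exists only on the live server and is not a user upload is exactly the kind of leftover that babipanghang warns about, and it survives replacing index.php.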

rachnasagar

I have the same problem; in fact I can't log in to my website. Please help me!!

Thanks!
Rachna

Jaypan

You'll need to restore your site to a recent backup.

rachnasagar

Can you please advise me how to do that? I am a very inexperienced person. Thanks!

Jaypan

Talk to your hosting company and ask them if they have a backup and can restore it.

If they don't have one, then you are out of luck, and will either have to pay the bitcoin fee, or hire someone to try to figure out how to fix your problem.

rachnasagar

They have already restored it. But the error is the same.

Jaypan

Then they need to restore a backup from further back in time. The backup they restored must have been taken after the bitcoin ransomware was added.

rachnasagar

Now they are also saying they can't do anything, this error is with Drupal and I should talk to Drupal support. I had a chat with Drupal support as well; they are saying the problem is with my website. I cannot log in to the CMS either. My business is suffering. Drupal is seriously not a good CMS. From the first day I have had many issues with Drupal, and Drupal help is disgusting; they always say they are not responsible.

babipanghang

You realize that with the job of site administrator/owner comes a bunch of responsibilities right? Like making backups regularly and keeping everything up-to-date?

That has nothing to do with Drupal in particular; it's just a necessity on an internet that keeps trying to find security leaks in order to exploit them for evil. Wordpress, Joomla and just about every other CMS you can find will sooner or later have some security exploits found that need to be patched. If someone just built a site for you using Drupal and said goodbye without instructing you on this, shame on them. You should not do business with them again.

Anyway, like Jaypan said, if you don't have a backup from before the hack you're basically screwed. You either need to pay up for the ransomware and cross your fingers they keep their promise and restore your site, or get over your tears and start all over again from scratch.

I wish you all the best of luck and please let us know what you did and what happened!


Jaypan

Drupal is seriously not a good CMS.

This isn't really a Drupal issue, this can happen with any software, Drupal, Wordpress, Joomla, custom software, anything. If you keep your modules and core updated, Drupal gets hacked less than other software. The problem here is that your files weren't kept updated, so they found a known security hole and used it.

From the first day I have had many issues with Drupal, and Drupal help is disgusting; they always say they are not responsible.

Again, this is not a Drupal issue. Drupal is open source, which is great because it is free, but it also means that you are on your own with a lot of issues. If you don't want to deal with that, then there are paid software solutions out there that would likely be better for you, since they will ensure that the software is up to date, and will handle problems like this if they arise.

I feel for your troubles - getting hacked with ransomware absolutely sucks. But it's not the fault of Drupal.

rachnasagar

Oh!! Thanks for the detailed information. I appreciate your words. But if I cannot access my account, it's not because I forgot my username and password, it's because of this virus. Whom should I contact to reset my login details? Please tell me, Jaypan.

Jaypan

You probably need to hire someone who knows Drupal well to go in and figure out what's happening, and clear your system.

You can post in the Paid Services section of the forum, or try jobs.drupal.org.

Also, make sure that you make it clear they need to clean out the exploit and not just fix the bitcoin problem. Otherwise you'll likely get hacked again.

rachnasagar

Yes, I have hired a developer now and he is saying the hosting site has updated the website with the virus, and now the backup they have is already infected. Thanks for your advice.

breadhead

I had the same problem and was able to restore my site by restoring the database from a previous back-up. So... it doesn't appear that the ransomware is targeting files but rather the Drupal database somehow.
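breadhead's observation that the lock message lived in the database, not in the files, suggests a triage step for anyone in the same position: instead of guessing which table was changed, search every column of every table for the message text and see exactly which rows carry it. The script below is an added example, not code from this thread or from Drupal. It uses an in-memory SQLite database with three constructed tables whose names are only loosely modelled on Drupal's schema; on a real site you would run the same query loop against a copy of the MySQL or PostgreSQL database (or a dump loaded into a scratch instance), never against the production database directly.

```python
"""
Locate every row in a database that contains a given string, so that an
injected message can be traced to the exact table, column and row.
Added example; the tables and rows are constructed and are not a real
Drupal dump.
"""
import sqlite3


def find_string(conn: sqlite3.Connection, needle: str) -> list:
    """Return (table, column, rowid, excerpt) for every cell containing needle.

    Every column is cast to TEXT before matching, so serialized or BLOB
    columns (Drupal stores some settings that way) are searched too.
    Note that '%' and '_' in needle act as LIKE wildcards.
    """
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for table in tables:
        columns = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in columns:
            query = (f'SELECT rowid, CAST("{col}" AS TEXT) FROM "{table}" '
                     f'WHERE CAST("{col}" AS TEXT) LIKE ?')
            for rowid, value in conn.execute(query, (f"%{needle}%",)):
                hits.append((table, col, rowid, value[:60]))
    return hits


def build_constructed_db() -> sqlite3.Connection:
    """Create a tiny stand-in for a site database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE node_field_data (nid INTEGER, title VARCHAR(255), status INTEGER);
        CREATE TABLE variable (name VARCHAR(128), value BLOB);
        CREATE TABLE users_field_data (uid INTEGER, name VARCHAR(60), pass VARCHAR(128));
    """)
    conn.executemany("INSERT INTO node_field_data VALUES (?, ?, ?)", [
        (1, "About us", 1),
        (2, "Website is locked. Please transfer ...", 1),   # injected title
    ])
    conn.executemany("INSERT INTO variable VALUES (?, ?)", [
        ("site_name", b's:17:"Website is locked";'),       # injected, PHP-serialized
        ("site_mail", b's:17:"admin@example.com";'),       # untouched setting
    ])
    conn.executemany("INSERT INTO users_field_data VALUES (?, ?, ?)", [
        (1, "admin", "$placeholder$hash"),
    ])
    conn.commit()
    return conn


def run_demo() -> list:
    """Build the constructed database and search it for the lock message."""
    conn = build_constructed_db()
    try:
        return find_string(conn, "Website is locked")
    finally:
        conn.close()


if __name__ == "__main__":
    for table, col, rowid, excerpt in run_demo():
        print(f"{table}.{col} rowid={rowid}: {excerpt!r}")
```

Knowing the affected rows tells you two things a plain restore does not: how far back the backup has to go (any backup that already contains those rows is too recent, which is the situation Jaypan describes above), and whether the rows can simply be reverted while the rest of the content is kept.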