GoDaddy DNS Servers Hacked Again, Hit With Ransomware Scam
GoDaddy hacked again? The world’s largest registrar was the victim of a DNS attack on Friday that led to many websites being hijacked by criminals. The attack allowed hackers to add subdomains to a users DNS records, pointing the website to a malicious IP address run by the hacker.
Because victims typed in the correct IP address for their location, the scam capitalized on their trust of the site being visited. The DNS hack also allowed the hackers to avoid security protection protocols put in place by GoDaddy and affected websites.
The DNS records being pointed are installing the Cool Exploit Kit on the user’s computer. That particular piece of malware attacks various vulnerabilities in a user’s computer.
Once Cool Exploit Kit was activated by GoDaddy supported websites, the user was taken to a payment page. The payment page used region-specific content to make a user’s computer appear as if it has been hijacked by local law enforcement.
The infected webpage even hijacks a users webcam, claiming that they are being recorded for a possible lawsuit.
The GoDaddy hack then tells users that, if they don’t pay a required fee quickly for computer crimes they never committed, their computer will be locked down completely and they will be criminally charged.
To fix the problem, affected webmasters are being asked to check the DNS records in their GoDaddy account to ensure no new records were added.
GoDaddy has not announced an official statement regarding the attack.
This newest attack against GoDaddy comes just two months after the site was taken offline for hackers. The last GoDaddy hack ruined business for many customers for upwards of a full day. The last hack against GoDaddy also targeted the company’s DNS servers.