What initially looked like a string of Drupal sites infected with ransomware (that didn't work properly) now looks like a professional cybercrime operation that relies on a self-propagating Linux trojan to create a botnet with various capabilities.
Last May, in a Softpedia exclusive, Stu Gorton, CEO and co-founder of Forkbombus Labs, revealed the existence of a new type of ransomware that targeted Drupal websites. That particular ransomware wasn't really that effective, and webmasters could easily go around it and restore their old websites.
Mr. Gorton didn't share all the details with Softpedia at that particular point in time, saying there was still much to analyze about the said piece of malware that was written in Go and used CVE-2014-3704 to hijack Drupal websites.
According to new research released by Stormshield and Dr.Web, that malware, which calls itself "Rex," has received many updates in the last three months since we first reported on it.