GoDaddy Domain Registrations Infected with Ransomware



I have just come across this article online and anyone who is using GoDaddy for their domain names should check it out. GoDaddy has stated they have the issue under control and from reading the article I don’t think there have been too many domain names hit, but if you have a site online registered at GoDaddy it's best to check.

GoDaddy is always going to be targeted by hackers as they are the world’s number one domain registrar, commanding 50% of the world's domain names, but GoDaddy are good at what they do and generally solve these types of issues in a few hours.

I have checked all my sites and none are affected by this and I have the confidence to stick with GoDaddy.

Don't forget GoDaddy has extended their $1.99 dot com domain registration promotion until the end of the week, so take advantage if you have any domains that you want to register.

The full article is below and you can read more here

Some webmasters that have used GoDaddy to register their domain names have had their sites infected with malicious ransomware, it has been revealed, a consequence of criminal hackers accessing GoDaddy’s DNS records.

Fraser Howard of online security firm, Sophos, described the attack as “exploiting DNS by hacking the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries (A records) referencing malicious IP addresses. The legitimate hostname resolves to the legitimate IP address, but the added sub-domains resolve to rogue servers.”

This essentially means that users trying to access previously trustworthy sites are redirected to rogue servers because hackers have added an additional subdomain. By doing this, the site still appears somewhat legitimate as the URL remains the same. The exploit appears to have originated in Russia.
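The attack described above leaves a clear footprint in the zone itself: hostnames that the owner never created, with A records pointing at addresses outside the owner's own hosting. The following is an added example (not code from the original article, Sophos or GoDaddy) of a zone-drift check a domain owner could run: it compares a fresh zone export against a saved known-good baseline and flags any new hostnames and any new A/AAAA records whose address falls outside a trusted range. The export format, the `example.com` records, and the IP ranges are all constructed for illustration.

```python
"""Zone-drift check: flag DNS records absent from a known-good baseline.

Added example, not from the original article. It assumes the domain owner keeps
a baseline export of their zone and re-exports it periodically; the sample
export format below ('name type value', one record per line, ';' comments) is
constructed for this example, as are all hostnames and addresses.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str   # fully qualified, lowercase, no trailing dot
    rtype: str  # "A", "AAAA", "CNAME", ...
    value: str  # record data, normalised to lowercase


def parse_zone(text: str) -> set[Record]:
    """Parse the constructed 'name type value' export into a set of records."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        name, rtype, value = line.split()
        records.add(Record(name.lower().rstrip("."), rtype.upper(), value.lower().rstrip(".")))
    return records


def new_hostnames(baseline: set[Record], current: set[Record]) -> set[str]:
    """Hostnames present in the current zone that never existed in the baseline."""
    return {r.name for r in current} - {r.name for r in baseline}


def audit_zone(baseline: set[Record], current: set[Record], trusted_nets: list[str]):
    """Return (added, removed, untrusted) record sets.

    'untrusted' is the subset of added A/AAAA records whose address is not inside
    any of the owner's trusted networks; those are the records that would send
    visitors of a new subdomain to a server the owner does not control.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    added = current - baseline
    removed = baseline - current
    untrusted = set()
    for rec in added:
        if rec.rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rec.value)
            if not any(addr in net for net in nets):
                untrusted.add(rec)
    return added, removed, untrusted


# Constructed sample data: documentation ranges, not real hosts.
BASELINE_ZONE = """
example.com.       A  192.0.2.10
www.example.com.   A  192.0.2.10
mail.example.com.  A  192.0.2.25
"""

CURRENT_ZONE = """
example.com.            A  192.0.2.10
www.example.com.        A  192.0.2.10
mail.example.com.       A  192.0.2.25
cdn-static.example.com. A  198.51.100.77   ; constructed: hostname not in baseline
"""

TRUSTED_NETS = ["192.0.2.0/24"]  # constructed: the owner's own hosting range


def run_audit(baseline_text: str = BASELINE_ZONE, current_text: str = CURRENT_ZONE,
              trusted_nets: list[str] = TRUSTED_NETS) -> dict:
    """Run the full check and return a report suitable for alerting on."""
    baseline = parse_zone(baseline_text)
    current = parse_zone(current_text)
    added, removed, untrusted = audit_zone(baseline, current, trusted_nets)
    return {
        "new_hostnames": sorted(new_hostnames(baseline, current)),
        "added": sorted(f"{r.name} {r.rtype} {r.value}" for r in added),
        "removed": sorted(f"{r.name} {r.rtype} {r.value}" for r in removed),
        "untrusted": sorted(f"{r.name} {r.rtype} {r.value}" for r in untrusted),
    }


if __name__ == "__main__":
    report = run_audit()
    for key, rows in report.items():
        print(f"{key}: {rows or '-'}")
```

Run against the constructed data, the report lists `cdn-static.example.com` as a new hostname and its A record as untrusted, because 198.51.100.77 is outside the owner's 192.0.2.0/24 range; the legitimate records are untouched, matching the pattern Sophos describes where the real hostname still resolves correctly. A non-empty `new_hostnames` or `untrusted` list is the condition to alert on.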

The rogue server that a user is redirected to displays an alarming page that accuses the user of various cybercrimes while demanding a ransom to ‘unlock’ their computer. The page is region specific, so should you access the page from a UK based IP address you will be confronted by a picture of a police officer in a British uniform next to a banner reading “Police Central e-crime Unit”. The page could be considered especially convincing as it features an animated .GIF picture that mimics footage being recorded from a webcam. The page claims “If you use a webcam, videos and pictures were saved for identification”.

Sophos believes that the cause of this attack was weak or stolen user passwords. GoDaddy went on to release a statement that would confirm this to be true:

“Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we’re expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.

We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.”

This follows a previous, larger scale disruption of service in September that affected sites that were either hosted by GoDaddy or who had registered a domain through them. In that instance a single member of hacker and activist collective, Anonymous, claimed responsibility while GoDaddy maintained that the “service outage was not caused by external influences.”

About the Author

Robbie Ferguson is an Internet Entrepreneur, Domain Investor, Domain Broker, Blogger and founder of various websites and eCommerce businesses such as
