We found this article today about WordPress ransomware migrating to Joomla.
WordPress Ransomware springboards from WordPress to Joomla domains
“The attack vector has evolved alongside ransomware which locks PCs unless a fee is paid.
Strains of ransomware have been detected on Joomla domains, revealing a disturbing evolution of the malware’s attack vectors.
According to Brad Duncan, a security researcher at Rackspace and contributor to the Internet Storm Center, attacks based on the “admedia” campaign have shifted from the traditional target of websites supported by the WordPress content management system (CMS), and instead, have graduated to also hunt down vulnerable Joomla CMS Web domains.”