An unexpectedly large number of WordPress websites have been mysteriously compromised and are delivering the TeslaCrypt ransomware to unwitting end-users. And what’s worse, Antivirus solutions are not yet catching this is.
In the last few days, malware researchers from Malwarebytes and other security firms have reported that a massive number of legit WordPress sites have somehow managed to be compromised, and are silently redirecting visitors to sites with the Nuclear Exploit Kit. It’s not yet clear how the WordPress sites are getting infected, but it is highly likely that there is a new vulnerability that is being exploited in either WP or a very popular WP plugin.
“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads,” – Writes Malwarebytes Senior Security Researcher Jérôme Segura in a blog post published Wednesday. “This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.”
The compromised WordPress sites were hacked and included encrypted code at the end of all legitimate JavaScript files. The malware tries to infect all accessible files. The attack tries to conceal itself, and the code redirects end-users through a series of sites before dropping the ransomware payload. Once a WP Server is infected, the malware also installs a variety of backdoors on the machine including.
5 Things to Do If You Run WordPress:
- Patch Server Operating Systems.
- Patch WordPress, does your current web provider do this for you?
- Get rid of as many WP plugins as possible and patch the current ones.
- Update all your WP instances at the same time to prevent cross-infections.
- Lock down all WP instances with a very strong password and the WP 2-factor authentication.
5 Things to Do to Protect Your End-Users
- Keep workstation Operating Systems and 3rd Party Apps updated at all times. Hammett Tech SimpuCare client machines undergo weekly maintenance ensuring the latest patches are deployed on all managed machines.
- Backup your data and keep daily off-site backups. Regularly TEST, and then TEST again to see if your restore function actually works. The latter is often overlooked. If you don’t have your data backed up to off site storage, our SimpuCloud Backup solution provides a low consists fully managed backup and business continuity solution all in one.
- Run the latest V5.5 of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) on workstations.
- Step all users through effective security awareness training. This should be a yearly exercise for every business. Employees should be educated on things that could affect your productivity and cause unneeded downtime costing your business money.
{company} offers comprehensive IT security solutions that will safeguard your vital data and networks from malicious attack. Contact {company} today at {phone} or send us an email at {email} to discuss how our offerings can enhance and protect the functionality of your operations
