Threat Advisory: Ransomware Impacting WordPress sites

February 8, 2016

A large number of WordPress websites have been compromised and are delivering TeslaCrypt ransomware.

While it is not yet clear how these sites are being infected, it is suspected that there is a new vulnerability in WordPress or within a popular plug in.

The compromised sites were hacked and had an encrypted code added to the end of their legitimate JavaScript files. The malware then conceals itself while it tries to infect all accessible .js files, redirecting the end user through a series of sites before demanding the ransom.

If you run WordPress it is recommended you:

  1. Ensure you’ve patched your latest operating systems and 3rdparty applications
  2. Patch WordPress
  3. Update all WordPress plugins and instances at the same time
  4. Update your WordPress passwords and where possible, leverage the WordPress 2-factor authentication
  5. Back up your data regularly
  6. Regularly test your restore functions to ensure they are working properly

Herjavec Group will continue to monitor this vulnerability and notify our customers of appropriate developments and patches as they arise. 

Stay Informed 

    Follow us on Twitter

    Connect with us on LinkedIn

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.

Take the First Step
In Transforming Your Cybersecurity Program

Enterprise security teams are adapting to meet evolving business needs. With 5 global Security Operations Centers, emerging technology partners and a dedicated team of security specialists, Herjavec Group is well-positioned to be your organization’s trusted advisor in cybersecurity. We’ll help you understand your risk exposure, increase your visibility and ROI, and proactively hunt for the latest threats.

Book a Free Consultation

Stay Informed

Follow us on Twitter
Connect with us on LinkedIn