Threat Advisory: Ransomware Impacting WordPress sites
February 8, 2016
A large number of WordPress websites have been compromised and are delivering TeslaCrypt ransomware.
While it is not yet clear how these sites are being infected, it is suspected that there is a new vulnerability in WordPress or in a popular plugin.
The compromised sites were hacked and had encrypted code added to the end of their legitimate JavaScript files. The malware then conceals itself while it tries to infect all accessible .js files, redirecting the end user through a series of sites before demanding the ransom.
If you run WordPress it is recommended you:
- Ensure your operating systems and third-party applications are patched to the latest versions
- Patch WordPress
- Update all WordPress plugins and instances at the same time
- Update your WordPress passwords and, where possible, enable WordPress two-factor authentication
- Back up your data regularly
- Regularly test your restore functions to ensure they are working properly
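To check a site for the pattern described above (code added to the end of otherwise legitimate .js files), the following added example, which is not part of the original advisory, compares each .js file with a known-good copy and flags files whose original content is intact but followed by extra bytes. It assumes a clean copy of the same WordPress and plugin versions is unpacked in a second directory; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

def find_appended_js(site_root, clean_root):
    """Compare every .js file under site_root with the file at the same
    relative path under clean_root (a known-good copy of the same release).
    Returns sorted (relative_path, status, size_delta) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            live_path = os.path.join(dirpath, name)
            rel = os.path.relpath(live_path, site_root)
            with open(live_path, "rb") as fh:
                live = fh.read().rstrip()
            clean_path = os.path.join(clean_root, rel)
            if not os.path.isfile(clean_path):
                findings.append((rel, "no-reference", len(live)))
                continue
            with open(clean_path, "rb") as fh:
                clean = fh.read().rstrip()
            if live == clean:
                continue  # identical apart from trailing whitespace
            # Original content intact with extra bytes after it: the
            # "code added to the end" pattern the advisory describes.
            status = "appended" if live.startswith(clean) else "modified"
            findings.append((rel, status, len(live) - len(clean)))
    return sorted(findings)

def demo():
    """Run the check on a constructed two-directory sample (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = os.path.join(tmp, "site"), os.path.join(tmp, "clean")
        samples = {  # rel path: (clean bytes, live bytes) -- all constructed
            "a.js": (b"var a=1;\n", b"var a=1;\n"),
            "b.js": (b"var b=2;\n", b"var b=2;\n/*PLACEHOLDER*/"),
            "c.js": (b"var c=3;\n", b"var x=9;\n"),
            "d.js": (None, b"var d=4;\n"),
        }
        for rel, (good, live) in samples.items():
            for root, data in ((clean, good), (site, live)):
                if data is not None:
                    os.makedirs(root, exist_ok=True)
                    with open(os.path.join(root, rel), "wb") as fh:
                        fh.write(data)
        return find_appended_js(site, clean)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Files reported as "appended" or "no-reference" should be restored from the clean copy or from backup after review, since a .js file with no reference counterpart may be one that was dropped onto the site.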
Herjavec Group will continue to monitor this vulnerability and notify our customers of appropriate developments and patches as they arise.