February 8, 2016

Threat Advisory: Ransomware Impacting WordPress sites

A large number of WordPress websites have been compromised and are delivering TeslaCrypt ransomware.

While it is not yet clear how these sites are being infected, it is suspected that there is a new vulnerability in WordPress or within a popular plug in.

The compromised sites were hacked and had an encrypted code added to the end of their legitimate JavaScript files. The malware then conceals itself while it tries to infect all accessible .js files, redirecting the end user through a series of sites before demanding the ransom.

If you run WordPress it is recommended you:

  1. Ensure you’ve patched your latest operating systems and 3rdparty applications
  2. Patch WordPress
  3. Update all WordPress plugins and instances at the same time
  4. Update your WordPress passwords and where possible, leverage the WordPress 2-factor authentication
  5. Back up your data regularly
  6. Regularly test your restore functions to ensure they are working properly

Herjavec Group will continue to monitor this vulnerability and notify our customers of appropriate developments and patches as they arise. 

Stay Informed 

  rhsm-3  Follow us on Twitter

  rhsm-2  Connect with us on LinkedIn

*By selecting one of the communications above, you consent to Herjavec Group
sending commercial electronic messages to you for marketing purposes,
including information about the products, services and events selected.