Thousands of WordPress websites have been compromised with injected malicious code and are delivering TeslaCrypt ransomware to their unsuspecting visitors. Antivirus products are not yet detecting it. Over the last few days a large number of legitimate WordPress sites have been reported as compromised and redirecting visitors to what look like advertising sites. In reality, visitors land on the Nuclear Exploit Kit, a malicious tool that delivers the ransomware.
“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads,” says Malwarebytes Senior Security Researcher Jérôme Segura. “This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.”
5 Things To Do If You Run WordPress Sites:
- Update the server operating system and its software.
- Update WordPress to the latest version.
- Update all WordPress Plugins to the latest version and remove (uninstall) the plugins you don’t use anymore.
- Prevent cross-infection: update all of your WordPress properties at the same time, not one at a time.
- Enforce strong, unique passwords and two-factor authentication for all WordPress users.
5 Things To Do To Protect Your Business:
- Update operating systems and third-party apps immediately.
- Backup your data regularly and keep off-site backups.
- Use only the latest version of Google Chrome, if possible.
- Run the latest version of EMET on all workstations to block exploitation attempts.
- Provide effective security awareness training for all users.
What is it?
Ransomware is malicious software that cyber criminals use to encrypt your files, rendering them useless unless you pay a ransom for the key to get them back. Last October Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, said “To be honest, we often advise people just to pay the ransom.” However, there is still no guarantee you’ll get your files back. After all, if you pay the ransom you are trusting a cyber criminal to keep their promise AFTER they have your money.
How does it spread?
Ransomware spreads in several ways. A user can visit a compromised website or click on a malicious advertisement that installs the malware; it also arrives by email and through Remote Desktop Protocol (RDP) services exposed to the internet. Once running, it encrypts not only local user files but files on mapped network drives and in synced folders such as Dropbox or other cloud storage.
How can you protect yourself?
There are numerous things you can do to protect your environment, some technical in nature and others dealing with employee training. First, educate your staff to recognize bogus (phishing) emails that pose as legitimate business and entice the recipient to take an action such as clicking a link or opening an attachment. Then teach everyone how to browse the internet safely and how to check where a link actually leads before clicking on it.
Having a strong security awareness training program for your employees is vital. The latest training techniques include actively sending simulated phishing emails to your staff and monitoring who clicks on them. When an employee does click on one of these emails it takes them to a remedial training page notifying them that they shouldn’t have acted on that email and why. Running phishing campaigns at a regular interval, say monthly, keeps people on the lookout. Management receives reports on who fell victim and who didn’t, giving them a tool to reward those who “never click” and making it a positive program rather than a punitive one. If you would like to find out more about this service offering please contact us for a live demo or free trial.
There are also technical controls that can be implemented to minimize the risk of falling victim to Ransomware. Below is a list of technical actions to take.
- Configure your mail server to filter executable attachments. Ransomware delivered by email often arrives as a “.exe”, frequently disguised with a double extension such as “.pdf.exe” so that Windows, which hides known extensions by default, shows the user only “invoice.pdf”. By rejecting emails that have an executable attached you can save your organization many headaches.
- Block executables from running within the AppData/LocalAppData folders. Many infections drop an executable into these user-writable folders and run it from there rather than from C:\Program Files. Software Restriction Policies or AppLocker can enforce this; expect to create exclusions for legitimate programs that install into these folders.
- Patch or update your software. I get it, the number of pop-ups we receive for Java or Adobe updates is annoying, but exploit kits target exactly the old versions those updates replace. There is a very good reason these companies publish the updates, INSTALL THEM!
- If you don’t have a firewall, get one! If you do, configure it! Firewalls offer additional services such as intrusion detection/prevention, anti-virus and packet inspection, all designed to protect the internal network from the internet. Many ransomware families contact the cyber criminal’s server to exchange keys before they start encrypting, so blocking that connection can stop an infection before it does damage. Don’t rely on that alone, though: some variants carry everything they need and encrypt without ever calling home.
- Install anti-virus and anti-malware software on ALL computers. This should be a no-brainer by now, and yes, that includes your Macs. That is a conversation for another time, but don’t believe the “It’s a Mac, I don’t need antivirus.” TRUST ME. One day you’ll be sorry if you don’t. 😉
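As an added example (not code from the original post or from Avasek), here is a Python attachment policy check of the kind a mail gateway would call for the first control above. It goes beyond a bare “.exe” match: it looks at the real last extension after normalising the name (so “invoice.pdf.exe” and “Invoice.PDF.EXE ” are both caught), rejects any attachment whose content starts with the “MZ” header of a Windows executable regardless of what it is named, and applies the same checks to the members of a zip archive. The blocked-extension list, the size and nesting limits, and the sample message are assumptions constructed for the example; the gateway hook that would feed real mail into `scan_message` is not shown.

```python
"""Attachment policy check for an inbound mail filter (added example).

Assumptions, not from the original post: the mail gateway hands us the
raw RFC 822 message; the extension list and limits are illustrative policy.
"""
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default
from typing import List, Optional, Tuple

# Extensions that should never arrive by email as a bare attachment (assumed policy).
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".cpl", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".msi",
}
MAX_MEMBER_BYTES = 50_000_000   # do not expand archive members larger than this
MAX_ARCHIVE_DEPTH = 2           # zip inside zip inside zip is enough


def blocked_reason(filename: str, data: bytes, depth: int = 0) -> Optional[str]:
    """Return why an attachment should be rejected, or None if it passes.

    1. Real (last) extension, after stripping trailing dots and spaces, so a
       double extension such as 'invoice.pdf.exe' is judged by its '.exe'.
    2. Content: a PE executable starts with 'MZ' whatever it is named.
    3. Zip archives (by extension or by 'PK' signature): checks 1 and 2 on
       every member, recursing a bounded number of levels.
    """
    name = filename.strip().rstrip(". ").lower()
    _, ext = os.path.splitext(name)
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension {ext}"
    if data[:2] == b"MZ":
        return "executable content (MZ header) despite name"
    if ext == ".zip" or data[:4] == b"PK\x03\x04":
        if depth >= MAX_ARCHIVE_DEPTH:
            return "archive nested too deeply to inspect"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.file_size > MAX_MEMBER_BYTES:
                        return f"archive member {info.filename}: too large to inspect"
                    inner = blocked_reason(info.filename, zf.read(info), depth + 1)
                    if inner:
                        return f"archive member {info.filename}: {inner}"
        except zipfile.BadZipFile:
            return "corrupt or unreadable archive"
    return None


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Parse a raw message and return (filename, reason) for every attachment
    the policy rejects. An empty list means the mail may pass."""
    msg = message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reason = blocked_reason(filename, payload)
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample_message() -> bytes:
    """Constructed test mail (not a real capture) with four attachments:
    a harmless PDF, a double-extension executable, a renamed executable,
    and a zip containing a screensaver executable."""
    pe_stub = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"   # looks like a PE header, does nothing
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4\n%constructed, harmless\n",
                       maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="notes.docx")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see")
        zf.writestr("setup.scr", pe_stub)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="archive.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in scan_message(build_sample_message()):
        print(f"REJECT {name}: {why}")
```

Wire `scan_message` into whatever hook your gateway offers (a milter, a content filter, or a transport rule) and reject the whole message when the list is non-empty; quarantining rather than silently dropping lets you show the user what was blocked and why.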
Saving the most important for last….
Back up your systems! Ransomware, viruses and malware are always evolving, and sooner or later they may slip past the controls you have in place. What they can’t do is prevent you from restoring your systems to a previous state, provided the backup is not reachable from the infected machine: ransomware encrypts whatever it can write to, so a backup sitting on a mapped drive is just another target. There is a HUGE difference between file-level and image-level backups. A convo for another day, but think about the purpose of backups. They exist so you can get your business back up and running as quickly as possible when something goes wrong. File-level backup services like Carbonite or CrashPlan do not give you quick recovery. How long would it take an IT person to wipe the drive, install a new operating system, reconfigure user accounts and install software? That is all BEFORE you even start downloading the backed-up files. Let me know how long it takes to download 100GB of data.
If you are in need of an image-based backup system, contact us. We would be proud to show you how you can back up your server on an hourly basis and, when the ugly happens, be back up and running within 15 minutes, even if your server is inoperable. Avasek is a premier partner of a backup solution that you actually can get ROI from. Have a software upgrade to do? Use your backup solution as a lab environment to test the upgrade before touching your production system.
We would love to hear from you….
We pose three questions for discussion….
- What backup solution are you using, and why?
- What is your company doing to combat ransomware, viruses, and malware?
- How does your company train their employees on security awareness?