Massive WordPress Hack Redirects Thousands of Users

Thousands of WordPress websites have been hacked with malicious code and are delivering TeslaCrypt Ransomware to their unsuspecting visitors. Antivirus is not catching this yet. In the last few days, a massive number of legit WordPress sites have been reported as compromised and been redirecting visitors to what appears as malvertising websites. In reality, end-users are redirected to the Nuclear Exploit Kit, a malicious tool that delivers ransomware threats.

“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads,” says Malwarebytes Senior Security Researcher Jérôme Segura. “This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.”

Since it’s not yet clear how WordPress sites are getting infected, the threat is severe. It is highly likely that the hack exploits vulnerability in either WordPress or a very popular WP plugin. This vulnerability allowed hackers to infect all accessible JavaScript files and to install multiple backdoors on WP server that gives them a remote access to the system.

5 Things To Do If You Run WordPress Sites:

  1. Update server operating systems’ software.
  2. Update WordPress to the latest version.
  3. Update all WordPress Plugins to the latest version and remove (uninstall) the plugins you don’t use anymore.
  4. Prevent cross-infections and update all your WP properties at the same time.
  5. Enforce use of a very strong password with the WP two-factor authentication for all WordPress users.

5 Things To Do To Protect Your Business:

  1. Update operating systems and third-party apps immediately.
  2. Backup your data regularly and keep off-site backups.
  3. Use the latest Google Chrome version only, if possible.
  4. Run the latest version EMET on all workstations to block against exploitation.
  5. Provide effective security awareness training for all users.
Posted in Ransomware