Thousands of WordPress websites have been hacked with malicious code and are delivering TeslaCrypt Ransomware to their unsuspecting visitors. Antivirus is not catching this yet. In the last few days, a massive number of legit WordPress sites have been reported as compromised and been redirecting visitors to what appears as malvertising websites. In reality, end-users are redirected to the Nuclear Exploit Kit, a malicious tool that delivers ransomware threats.
“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads,” says Malwarebytes Senior Security Researcher Jérôme Segura. “This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.”
5 Things To Do If You Run WordPress Sites:
- Update server operating systems’ software.
- Update WordPress to the latest version.
- Update all WordPress Plugins to the latest version and remove (uninstall) the plugins you don’t use anymore.
- Prevent cross-infections and update all your WP properties at the same time.
- Enforce use of a very strong password with the WP two-factor authentication for all WordPress users.
5 Things To Do To Protect Your Business:
- Update operating systems and third-party apps immediately.
- Backup your data regularly and keep off-site backups.
- Use the latest Google Chrome version only, if possible.
- Run the latest version EMET on all workstations to block against exploitation.
- Provide effective security awareness training for all users.