WordPress Sites Delivering Ransomware
Posted by: Timothy Weaver on 02/05/2016 10:34 AM
[
Comments
]
A large number of websites that run on the WordPress content management system are being hacked to deliver the Teslacrypt ransomware package, which encrypts user files and demands a hefty ransom for the decryption key needed to restore them.
According to website security firm Sucuri, the code takes pains to infect only first-time visitors. To further conceal the attack, the code redirects end users through a series of sites before delivering the final, malicious payload.
It is not known how the sites are becoming infected, but it is possible that site administrators are not locking down login credentials that allow the hacker to change content. However, the website malware installs a variety of backdoors on the webserver, a feature that's causing many hacked sites to be repeatedly reinfected.
People running WordPress sites should take time to make sure their servers are fully patched and locked down with a strong password and two-factor authentication.
Source: Arstechnica
According to website security firm Sucuri, the code takes pains to infect only first-time visitors. To further conceal the attack, the code redirects end users through a series of sites before delivering the final, malicious payload.
It is not known how the sites are becoming infected, but it is possible that site administrators are not locking down login credentials that allow the hacker to change content. However, the website malware installs a variety of backdoors on the webserver, a feature that's causing many hacked sites to be repeatedly reinfected.
People running WordPress sites should take time to make sure their servers are fully patched and locked down with a strong password and two-factor authentication.
Source: Arstechnica
Comments
