WordPress Virus Infects Users with Ransonware

WordPress is a very popular open source content management system. Open source means there are hundreds of people from all over the world working to make improvements to the platform and the source code is available to the public free of charge. WordPress is the most popular of its kind and is mainly used for blogging and content management. Recently these websites have been experiencing vulnerabilities that have been infecting user’s computers with Ransomware. There have been reports of users getting hit with the TeslaCrypt ransomware virus, the scariest part is that this is sneaking by antivirus filters undetected.

Last week Malwarebytes has reported an amplitude of legitimate WordPress sites being infected. It has been reported that whoever is responsible for these hacks has been redirecting users to harmful sites using the “Nuclear Exploit Kit”. This is a well-known software utilized by criminals to deploy malicious attacks. While being re-directed, the end user has no idea. Although the exact vulnerability with WordPress has not been discovered, it is said that it either has to do with the site itself, or a plugin that it utilizes. Within the sites that were hacked, the threat was traced to encrypted coding that was found at the end of JavaScript files, these files then infected WordPress servers installing a variety of backdoors, the virus then attempt to access whatever files it could find. When an end user’s PC gets infected, the individual would get redirected to numerous websites before their computer becomes locked due to the ransomware.

If you run WordPress on your servers you must do the following '

1. Patch the Operating System

2. Patch WordPress

3. Remove as many WordPress plug-ins as possible, patch all the ones current.

4. Update every WordPress instance at the same time. This is done to prevent cross infections.

5. All WordPress instances should be secured with very strong passwords with WP2 factor authentication.

End users who utilize WordPress should also take preventative action, suggested steps are listed below '

1. Make sure that your workstation OS is always updated

2. Always make sure your backing up your data.

3. Make sure you test your backups regularly

4. Use Google Chrome 64 bit.