Ransomware Criminals Infect Thousands With Weird WordPress Hack

TeslaCrypt Ransomware MessageAn unexpectedly large number of WordPress websites have been mysteriously compromised and are delivering the TeslaCrypt ransomware to unwitting end-users.  Antivirus is not catching this yet.

In the last few days, malware researchers from Malwarebytes and other security firms have reported that a massive number of legit WordPress sites somehow have been compromised and are silently redirecting visitors to sites with the Nuclear Exploit Kit.  It's not yet clear how the WordPress sites are getting infected, but it is highly likely that there is a new vulnerability that is being exploited in either WP or a very popular WP plugin.

"WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads," Malwarebytes Senior Security Researcher Jérôme Segura wrote in a blog post published Wednesday. "This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit."

The compromised WordPress sites were hacked and included encrypted code at the end of all legitimate JavaScript files. The malware tries to infect all accessible .js files. The attack tries to conceal itself and the code redirects end-users through a series of sites before dropping the ransomware payload. Once a WP Server is infected, the malware also installs a variety of backdoors on the machine. 

5 Things To Do If You Run WordPress:

  1. Patch Server Operating Systems.
  2. Patch WordPress.
  3. Get rid of as many WP plugins as possible and patch the current ones.
  4. Update all your WP instances at the same time to prevent cross-infections.
  5. Lock down all WP instances with a very strong password and the WP 2-factor authentication.


5 Things To Do To Protect Your End-Users

  1. Keep workstation Operating Systems and 3rd Party Apps updated at all times.
  2. Backup your data and keep daily off-site backups. Regularly TEST, TEST, TEST if your restore function actually works. The latter is often overlooked.
  3. Provide end-users the 64-bit version of Google Chrome if possible.
  4. Run the latest V5.5 of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) on workstations.
  5. Step all users through effective security awareness training.


Find out how affordable awareness training is for your organization and be pleasantly surprised.

Get A Quote Now


Topics: Ransomware

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews