US-CERT said it is urging website administrators to update sites that utilize the WordPress content management system following a surge in website servers redirecting visitors to a ransomware-delivering exploit kit known as Nuclear.
The malware uploads multiple backdoors into different locations on an infected web server and frequently updates the injected code. It also delivers TeslaCrypt ransomware, which encrypts user files and demands a large payment for the decryption key required to restore them.
Recent versions of ransomware leverage compromised WordPress sites to serve as a drop point for information related to the compromised host. In March 2015, a so-called ISIS hack on numerous North American websites, including one belonging to a Montana credit union, exploited a known vulnerability in a WordPress plug-in.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
- Exclusive discounts on ALM and CU Times events.
- Access to other award-winning ALM websites including Law.com and GlobeSt.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
