US-CERT said it is urging website administrators to update sites that utilize the WordPress content management system following a surge in website servers redirecting visitors to a ransomware-delivering exploit kit known as Nuclear.
The malware uploads multiple backdoors into different locations on an infected web server and frequently updates the injected code. It also delivers TeslaCrypt ransomware, which encrypts user files and demands a large payment for the decryption key required to restore them.
Recent versions of ransomware leverage compromised WordPress sites to serve as a drop point for information related to the compromised host. In March 2015, a so-called ISIS hack on numerous North American websites, including one belonging to a Montana credit union, exploited a known vulnerability in a WordPress plug-in.
Continue Reading for Free
Register and gain access to:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts.
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders.
- Educational webcasts, white papers, and ebooks from industry thought leaders.
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com.
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
