Protecting your WordPress site from the Teslacrypt Ransomware

A security threat aimed at sites run on WordPress has recently been discovered. Three security firms reveal that numerous sites using the CMS have been hacked. Crypto ransomware and malicious software are then delivered to end users. The ransomware being delivered is TeslaCrypt.

The visitors are redirected to a series of malicious sites. The attack sites have been discovered to host code from the Nuclear exploit kit (EK). The user is first directed to domains showing ads, before finally landing on the Nuclear EK. The ransomware aims at infecting first-time visitors.

The people who are more susceptible to the attack are those that use out-of-date versions of Adobe Reader, Internet Explorer, Adobe Flash Player and Microsoft Silverlight to access WordPress.

Google has a Safe Browsing mechanism, which helps users to avoid malicious websites. As soon as the domains used in the malicious scheme are blacklisted, the perpetrators list a different domain. They are refreshing domains as soon as the older ones get flagged.

If your computer gets infected with Teslacrypt ransomware, your files will be encrypted. Worse still, you will be demanded to pay a huge ransom for the decryption key needed to restore them.

Sucuri, a website security firm, reports that encrypted code on the sites that have been hacked differs from site to site. It aims at encrypting code at the end of JavaScript files.

How is the WordPress security being compromised?

It is not yet clear how security is being compromised. Speculations include:

– failure to lock logins by administrators, allowing content to be changed

– a vulnerability in a plugin used by WordPress sites

The ransomware causes a series of re-infections. Once a system is infected, the backdoors installed by the malware cause repeat infections. If you host a number of domains on the same hosting account, they will all be infected.

How do you ensure that your WordPress site stays safe?

Check all your database connections. The database software should also have the latest version, with the latest security updates. If your company does not have a database administrator, it is best to outsource the service.

– You need to isolate, clean, update, as well as protect all your domains. Even an abandoned site can be the source of the infection.

– Use stronger passwords to ensure your site’s maximal protection

– Use two-factor authentication

All in all, the only way to ensure that your WordPress site is safe is to follow the aforementioned solutions. A database administrator will help you detect any compromises on your CMS. Security firms are still monitoring the malicious software and will keep us updated on what to do if your site is infected.

For more on WordPress Marketing, SEO and security information, check out http://websitemarketingtoday.com