Thousands of WordPress and Joomla sites ‘infected with ransomware’

Technology

8 July 2016 | Author: Matt Smith

As many as 10,000 WordPress and Joomla websites have been infected with ransomware, according to cyber security researchers.

Sucuri said the campaign, dubbed Realstatistics, injects fake analytics code into the PHP templates of compromised sites. The script sends users to the Neutrino exploit kit, which tries to exploit their browsers and installs CryptXXX ransomware if successful.

Although the security firm has seen around 2,000 infected sites on its SiteCheck tool, it estimates that the real number could be at least five times bigger than this.

The researchers said 60 per cent of the affected websites are running out-of-date versions of WordPress or Joomla, while 90 per cent are running a content management system (CMS) they are able to fingerprint, suggesting the hackers are targeting common vulnerabilities.

They said it is likely that the cyber criminals are attacking plug-ins and extensions, rather than the core software behind the affected websites.

"When a CMS is out of date, it speaks volumes to the administration/maintenance strategies a website is employing," wrote Sucuri founder and CTO Daniel Cid in a blog post.

"If a website owner is unable to keep their core up to date, we can confidently say that they are likely not keeping the extensible components up to date.

"And we know from our previous research that the leading vector in most CMS applications comes from third-party integrations like plugins and extensions."

He added that site administrators should act quickly, because Google has been blacklisting sites with the Realstatistics code since July 3rd.

For more information on the threat, see the Sucuri blog – or use the security firm's SiteChecker tool to find out whether your own site has been infected with ransomware.

Source: Thousands of WordPress and Joomla sites 'infected with ransomware'