Ransomware actors are looking for new targets, according to security vendor WordFence. That target would appear to be WordPress-powered websites…
Hot on the heels of WannaCry and NotPetya, ransomware actors are looking for new targets. According to security vendor WordFence, that target appears to be WordPress-powered websites. “During our analyses of malicious traffic targeting WordPress sites,” the report states, “we captured several attempts to upload ransomware that provides an attacker with the ability to encrypt a WordPress website’s files.”
It seems that the attack is badly coded, however, and decryption logic is missing from the supposed ‘ransom paid’ form. Victims wouldn’t be able to regain control of their files even if the ransom were to be paid.
What is the best way to protect a website from this kind of ransomware attack?
There is mitigation advice at the end of the linked article, and I suggest you jump over to SC Magazine UK and read it. That said, the bare minimum (and a pretty effective minimum, truth be told) would be ensuring you have two-factor authentication on your admin logins and a web-application firewall running.
Google tells me a web application firewall “applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. While proxies generally protect clients, WAFs protect servers.” Which sounds complicated. Is it?
It doesn’t have to be. The article itself was based on research by a WAF vendor called WordFence. If you are running a WordPress site then it’s probably worth taking a look at what they have to offer. At the very least you’ll get an idea of the type of security that a WAF-based approach can provide. See: https://www.wordfence.com/