Ransomware has been an emerging malware threat for a few years now. With the surge of new encryption-type ransomware threats, researchers are scrambling to find ways to recover and decrypt files affected by them.
Among the more aggressive ransomware threats to come out of the workshop of money-hungry hackers is Teslacrypt, which has recently used outdated WordPress sites to deliver its malicious payload.
Teslacrypt ransomware came on the scene back in February of this year. Since then, computer hackers have used clever methods to spread the threat through outdated WordPress sites.
As many may know, WordPress is the most popular and widely used content management system for websites. Many webmasters use WordPress as the backend for popular sites, and over the years of its existence the open source CMS platform has gone through its fair share of vulnerabilities. Outdated versions of WordPress have proven to have gaping security holes that hackers sometimes exploit to spread malware. Case in point: cybercrooks are using a Neutrino exploit kit with the Teslacrypt ransomware threat to leverage security bugs in older versions of WordPress installed on websites.
Teslacrypt ransomware, similar to previous encryption-type ransomware threats such as CryptoLocker, is known to lock computer users out of various files, encrypt those files, and eventually offer computer users a means to restore or decrypt the files by paying a hefty fee.
What is most concerning about Teslacrypt, apart from it encrypting files and potentially causing permanent damage to them, is that it is able to download other malware in the form of an infostealer designed to collect data from an infected computer's hard drive. Furthermore, with the outbreak of the now widely abused Neutrino exploit kit, Teslacrypt may be spread through sites that are running an outdated version of WordPress.
Essentially, an outdated WordPress website would be able to spread the Teslacrypt ransomware threat to hundreds to thousands of visiting internet-connected computers without any indication to the computer user.
Another thing to note about the Neutrino exploit kit spreading Teslacrypt is that it was also found to deliver the CryptoWall ransomware threat, which is yet another encryption-type malware. This shows how crafty hackers are making efficient use of their creations to spread more than one threat through a working exploit kit.