Recent BotNet Ransomware Attack on WordPress
The newest BotNet ransomware attack, codenamed “SoakSoak”, has hit the internet. WordPress users should take note of it in order to protect their websites from this attack.
WordPress users can protect themselves against potential exploitation of vulnerabilities in two ways. One is to use WordPress’s two-step authentication tool, which ensures that the individual who logs in is a human being and not a bot. The other is to install the WordPress security plugin, which provides brute force protection by limiting the number of failed login attempts allowed per user. The security plugin also helps to detect file changes and changes the default URL of the login area so that attackers do not know where to look to initiate an attack.
Recent reports by software and security firms Invincea and Sucuri detailed how the ‘SoakSoak’ botnet is used to deliver ransomware in new attacks against WordPress websites running the Slider Revolution plugin. Previous attacks against the Slider Revolution plugin in 2014 involved only the use of the ‘SoakSoak’ botnet. This new combination of attacks marks the ‘SoakSoak’ botnet’s change in payloads from click-fraud Trojans and password-stealing malware to ransomware. The attacks begin with the ‘SoakSoak’ botnet writing a redirection script on websites to direct users to fraudulent websites containing malicious code called Neutrino EK. If there are no debuggers or security tools on the endpoint, Neutrino EK will drop the ransomware and ask users to retrieve their data by paying a ransom in bitcoins.
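
File-change detection, mentioned above as a security plugin feature, is the control that surfaces a redirection script written into a site's files. The Python below is an added example, not code from any WordPress plugin or from the reports cited: it records a hash baseline of a site tree and reports what has drifted from it. The watched extensions and the sample tree built in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

WATCHED = (".php", ".js", ".htaccess")  # assumption: file types worth watching

def snapshot(root):
    """Map each watched file (path relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(WATCHED):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report paths that were added, modified or removed since the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed site tree: baseline it, simulate tampering, return the drift."""
    with tempfile.TemporaryDirectory() as root:
        js = os.path.join(root, "wp-includes", "js")
        os.makedirs(js)
        for path, body in (
            (os.path.join(root, "index.php"), "<?php // constructed sample\n"),
            (os.path.join(js, "sample.js"), "// constructed sample script\n"),
            (os.path.join(root, "readme.html"), "<p>not a watched type</p>\n"),
        ):
            with open(path, "w") as fh:
                fh.write(body)
        baseline = snapshot(root)
        # Simulated tampering: one script altered, one unexpected PHP file added.
        with open(os.path.join(js, "sample.js"), "a") as fh:
            fh.write("// constructed line standing in for injected content\n")
        with open(os.path.join(root, "wp-includes", "extra.php"), "w") as fh:
            fh.write("<?php // constructed unexpected file\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the web server account cannot write, since anything able to modify site files could otherwise rewrite the baseline as well.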