In the past four days, researchers from three separate security firms have reported that a large number of legitimate WordPress sites have been hacked to silently redirect visitors to a series of malicious sites. The attack sites host code from the Nuclear exploit kit that’s available for sale in black markets across the Internet. People who visit the WordPress sites using out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer can then find their computers infected with the Teslacrypt ransomware package, which encrypts user files and demands a hefty ransom for the decryption key needed to restore them.
Nasty. I wonder if it’s just a coincidence that WordPress 4.4.2 was released a few days ago, with details of the exploits it fixed?
Semi-related, my local County Council’s systems were shut down last week due to a ransomware attack. I think the payload was delivered by email, but the result was the same. Apparently, the ransom was $500 in Bitcoin.