27 Comments on "WordPress-Delivered Ransomware and Hacked Linux Distributions"
willc February 23, 2016 at 9:44 am •
I think you need to change the title of this article to
"WordPress-delivered" instead of "WordPress Delivered." I read the
subject in my email that you just sent and thought you were saying that
WordPress delivered malware and hacked ISOs.
Ditto! February 23, 2016 at 10:16 am •
I panicked - thinking that the trusted Wordpress Foundation was
directly delivering Wordpress.org distributions that were laced with
ransomware back-doors.
D:
Good to know. Thank you.
Geves February 23, 2016 at 9:51 am •
Thank you for sharing such interesting wordpress security updates.
Jeffrey Frankel February 23, 2016 at 9:53 am •
What puzzles me about a ransomware attack is when you pay the money it must
go to someone, a company, a person. Why can't the police find these
people?
The Roach February 23, 2016 at 10:51 am •
Bitcoins are the closest financial transactions can get to being anonymous right
now - and if you could discover the culprit, chances are, he's located
in a country that doesn't extradite for computer hacking.
Elsie Gilmore February 23, 2016 at 11:13 am •
So, couldn't one just delete all their files through FTP, delete the
database and create the site again from scratch? I don't understand how
this works. What am I missing? Is this only a problem if you don't make
regular backups?
Yes, February 23, 2016 at 11:38 am •
that is correct. This can affect personal and business computers, not
just websites, and unfortunately many people don't make regular backups.
The February 23, 2016 at 11:47 am •
encryption is of files on your computer, like photos and documents.
Fixing your web site may prevent the site from being used to infect
others but does not unencrypt the files on the computer.
Based February 23, 2016 at 11:37 am •
on the screenshot and what I've read elsewhere, payment is required in
Bitcoin, which has no direct connection to anyone's real world identity,
and associated communications are via Tor, which runs over multiple
encrypted proxies, preventing a network trace. Finding the culprits is
not impossible, but is pretty close unless you have NSA-level resources.
Even if you did manage to track them down, the hackers who commit
these types of crimes can be located anywhere in the world – and if
they're smart, they target victims in other countries. If you live in,
say, Miami, and you go to your local police with a ransomware attack,
even if you got lucky and somehow tracked down the culprit, when they
see it's coming out of China or Uzbekistan or something, there's just
not going to be much they can do for you.
The February 23, 2016 at 12:22 pm •
Police in the Ukraine, China, or Brazil (the biggest Hacker countries)
are useless for resolving complaints. In many cases the hackers either
work with or are protected by the authorities.
Surely the Hollywood Presbyterian Medical Center had back-ups that they could have reinstalled? February 23, 2016 at 10:16 am •
Neville, February 23, 2016 at 6:35 pm •
I am in total agreement with you, someone should lose their job over this.
I have no less than three backups of every piece of data I own, websites
included. Both securely cloud stored and physically on my premises in an
extremely secure SAN. The entire annual cost is <$150.
Maximillian Heth February 23, 2016 at 10:39 am •
Wow, now that is friggin' scary! =S If there was ever a top reason to secure
your site as much as possible, this is definitely a story worth
sharing! Thanks guys! =)
Samuel Guebo February 23, 2016 at 10:44 am •
Those ransomwares can really be a hard thing to deal with. I faced TeslaCrypt
1 month ago. One of my clients got infected by this ransomware. The
process was tricky but I made my way out and wrote an article on how I
did it. Here is the link [Editor: To the utility he used to clean his
site. I'm assuming you're not the author. Thanks for the info Samuel.]: https://github.com/googulator/teslacrack
Darrel "Root" Carpenter February 23, 2016 at 11:04 am •
Thanks Mark for the information.
Jeffery Frankel, Bitcoin is quite difficult to trace. Bitcoin was built
to be anonymous but sometimes it can be tracked if the user makes a
mistake somewhere in their process. Additionally, most police
departments haven't got a clue but since this is Los Angeles both the
LAPD and LA County Sheriff's department are big enough to have "Cyber"
divisions so you can be sure one of them is working on this case.
Neville Gosling,
You would be amazed how many large, corporate and government offices
DON'T have a backup plan or routine. I am stunned to see just how many
BIG companies don't have a plan and their only recourse to the
CryptoLocker, RansomWare type attacks, is simply to pay up. Otherwise
you simply format, reload your OS and move on and suffer the loss of
data and hope it's just not that bad.
Good Luck to everyone!
-Root-
I am not questioning this scenario, but sometimes I do wonder if it's just easy to blame WordPress. February 23, 2016 at 11:37 am •
That aside, will people ever learn that backups are often the most important function they can perform to help themselves?
Off my soapbox.
dave February 23, 2016 at 11:47 am •
Again thanks for a great insight but in addition to good security you should
also have a good backup routine in place which in turn could get rid of
the problem easily. As long as you can work out how your site got
infected in the first place.
But I think this post highlights something much more important and that
is the duty of care that we as site owners have towards our visitors in
ensuring their visits to us are safe.
Here's February 23, 2016 at 11:54 am •
a story about a school district in South Carolina (Myrtle Beach) that's
paying the ransom. Here's one of the stories:
http://www.myrtlebeachonline.com/news/local/education/article61869482.html
I February 23, 2016 at 1:48 pm •
have both WordPress security and wordfence installed, I keep my plugins
up to date and yet, my website gets compromised on average every 2
weeks... Maybe I'd be better without any plugins..
Mehmet HAKAN February 23, 2016 at 2:24 pm •
I think the responsibility of linux or server is hosting providers. We have to trust them. Am I right?
Dave February 23, 2016 at 11:14 pm •
Yes you are right, the linux operating system, apache and any other
software that's crucial to the server doing its job is our responsibility,
however, the software and scripts, eg wordpress, plugins and themes that
you put on the server are your responsibility. It works both ways my
friend.
I February 23, 2016 at 4:22 pm •
watched once as a folder in my DropBox suddenly got attacked by
ransomware. I was getting a ton of notifications on my screen that
something was happening and fortunately it was a folder that I rarely
used, but it was accessed by some people who must have had low security
systems. It was kind of creepy to watch files get converted to some file
format I never heard of. I was able to delete that folder immediately
from DropBox and that ended the threat. I did get to see their ransom
message. Sheesh.