February 2016 – Ananova

TeslaCrypt Ransomware

Overview

Joomla & WordPress are quite familiar names in the world of technology, mostly used by web hosting service providers. It is truth known to everyone that Information Technology is an important part of day today’s life. It is also a fact that every person uses internet & if because of any reason it stops working then that will create so much of trouble especially for people who use internet utmost. Therefore, there is a need for cyber security. It requires rendering training for security of internet. It is a primary need for a person to be aware of security for internet, since most of the people are not aware & cannot defend themselves against the cyber threats that exist and are emerging.

Few Tips via Research

Joomla is the target, newly found by attackers after a campaign that has targeted WordPress websites by injecting JavaScript files with malicious code. The code then profusely iframes and enter via advertisements on WordPress sites in addition to creating backdoors on the threatened web servers and perpetually reinfecting other WordPress websites. Therefore before clicking on any advertisement shown in between or on a website, an individual needs to think twice. It is better not to click, if he is not aware & is unknown of origin.
Exploit kits are continuously infecting thousands of WordPress websites & are setting their eyes on the open source content management system & on Joomla websites.
There is a team of researchers who are constantly trying to make users aware about these websites explosives. They are reporting visitors to those compromised WordPress websites which are directed to malicious internet sites. The websites which contain the Nuclear exploit kit & are a collection of exploits targeting Adobe products which enclosed Flash, Reader & Acrobat. Internet Explorer and Microsoft Silverlight can also get affected. Afterwards, attacks have shifted to other websites & are becoming more dangerous. Nowadays nasty & explosive kits are delivering the dangerous Angler exploit kits, according to the study done by researchers.

TeslaCrypt Ransomware Target

Teslacrypt, like other earlier versions of crypto-ransomware, encrypts files stored on the local hard drive. After doing this, these groups demand a ransom in exchange for the encryption key. There are few who paid a heavy ransom amount to exchange or get the encryption keys.
Despite, the number of infected or corrupt Joomla sites is smaller in comparison to WordPress & other websites by an order of magnitude. So is the market share of Joomla, which is less comparative to other websites. In some cases, the infected Joomla sites are a part of the same hosting accounts with WordPress sites & are getting affected equally.
It is believed that the attackers scans for multiple infirmities on WordPress, Joomla, and Drupal sites as well and infect others also as much as it can do. Utmost versions of the malware do not depend on any particular CMS. Attackers only infect .js files that can be found in any CMS. They use the debility to infect all .js files and only solution is to stop them.