Thousands of WordPress Sites Spreading Ransomware
Information security company Zscaler reports that over 2,600 WordPress websites have recently been compromised by cyber criminals and used to spread ransomware to unsuspecting visitors. Ransomware is a type of malicious software that prevents affected users from accessing their files and demands a ransom to restore access. The most common ransomware used today encrypts a user’s files until money is paid to the hackers through online money transfers.
The WordPress hack utilizes the Neutrino Exploit Kit, malicious code that detects and exploits vulnerabilities in software installed on a user’s machine. Such exploit kits are used by cyber criminals and typically evolve over time. The version of the Neutrino code used in this campaign incorporated one of the Flash zero-day exploits from the Hacking Team leak, which targets a vulnerability in the multimedia platform Flash that was revealed after the prominent Italian company of hackers-for-hire was itself hacked. Additionally, the code targets only users of the Internet Explorer web browser and affects websites running WordPress 4.2 or earlier versions (the current version of WordPress is 4.3).
The ransomware installed on user machines in this campaign is known as CryptoWall, a popular form of trojan used by cyber criminals. According to the FBI’s Internet Crime Complaint Center, CryptoWall has cost US businesses and consumers approximately $18 million in the last year. The ransom demanded by criminals typically ranged from $200 to $10,000.