A new threat is compromising business websites. Called the SoakSoak botnet, it redirects visitors to an exploit kit and ransomware. It does not select which sites to compromise; instead, it scans a large pool of potential targets for weaknesses that can be exploited. Once a victim is compromised, a “ransom” in the form of bitcoin payments is demanded before victims can get their compromised data back.
- The SoakSoak botnet is compromising business websites so that they redirect visitors to the Neutrino exploit kit and CryptXXX ransomware.
- The SoakSoak botnet made headlines in December 2014 for a campaign targeting the WordPress RevSlider slideshow plugin.
- Website operators can also stem the tide of SoakSoak attacks by regularly updating their websites and plugins, monitoring their access logs for suspicious activity, and making use of WordPress security plugins and/or anti-ransomware tools.
“Websites are often compromised by botnets that scan websites for vulnerable software or application plugins.”
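One way to do the access-log monitoring recommended above, as an added example that is not from the original article: it flags clients that request several different plugin directories the site does not have, the footprint left by blind scanning for vulnerable plugins. The Combined Log Format, the threshold, the placeholder plugin names, and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) '
)
# Captures the plugin directory name from a WordPress request path.
PLUGIN_RE = re.compile(r"/wp-content/plugins/([^/?\s]+)", re.IGNORECASE)


def find_plugin_scanners(lines, min_plugins=3):
    """Return {client_ip: [plugin names]} for clients that requested at least
    min_plugins distinct plugin directories and received 404 for each."""
    missing = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, path, status = m.groups()
        plugin = PLUGIN_RE.search(path)
        # A 404 on a plugin path means the client asked for a plugin that is
        # not installed; real visitors rarely do that for many plugins.
        if plugin and status == "404":
            missing[ip].add(plugin.group(1).lower())
    return {
        ip: sorted(names)
        for ip, names in missing.items()
        if len(names) >= min_plugins
    }


# Constructed sample log (documentation IP ranges, placeholder plugin names).
SAMPLE_LOG = """\
198.51.100.20 - - [01/Jan/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2016:10:00:01 +0000] "GET /wp-content/plugins/example-forms/style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2016:10:00:05 +0000] "GET /wp-content/plugins/revslider/readme.txt HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [01/Jan/2016:10:00:05 +0000] "GET /wp-content/plugins/example-gallery/readme.txt HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [01/Jan/2016:10:00:06 +0000] "GET /wp-content/plugins/example-backup/readme.txt HTTP/1.1" 404 210 "-" "-"
198.51.100.20 - - [01/Jan/2016:10:00:09 +0000] "GET /wp-content/plugins/example-old/icon.png HTTP/1.1" 404 210 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, plugins in find_plugin_scanners(SAMPLE_LOG).items():
        print(f"{ip} probed {len(plugins)} missing plugins: {', '.join(plugins)}")
```

Tune `min_plugins` to the site's normal traffic; a single stale link to a removed plugin should not trip it.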