Malware WordPress plugin called WP Security has been spotted in the wild encrypting blog posts and rendering the content unreadable. The plugin obtains a list of all of the posts within the system and encrypts them with keys, using the AES-256-CBC encryption standard and the openssl_encrypt function. Only the actual post content is encrypted and everything else related to the site is untouched. It s possible that we ll see this more often in the coming months, researchers say.
Source: https://threatpost.com/cryptolocking-wordpress-plugin/147016/