RansomWeb: Cyber Criminals Hold Whole Website Hostage



Now this is a whole new wrinkle in criminal ransomware. Malicious hacker crews have started taking over whole websites and injecting code that encrypts the site's information file by file, then decrypts it on the fly in real time, so that after some months the whole website is encrypted and decrypted with a key that the bad guys own. The website owner sees nothing strange happening, all the traffic is https, and apparently it is fast enough to not create a performance hit.

RansomWeb: Website Ransomware

Then, one day when the encryption process is (close to) complete, the bad guys pull the plug and ask for a ransom to turn things back on. Moreover, during the period they owned the website, they tunneled into the network and deleted or overwrote all backups so that these no longer exist. Swiss security firm High-Tech Bridge investigated the breach in December 2014 and reported on it here.

Professor Alan Woodward, security expert from the University of Surrey’s Department of Computing, said “The next step might well be the modern equivalent of protection rackets – threatening companies with being either taken offline or having their databases frozen unless they pay a regular fee.”

Brian Honan, security consultant, said the modus operandi of the RansomWeb hackers was similar to ransomware attacks against a number of SMBs he had worked with, whereby the criminals broke into the server of the victim, overwrote backups with either the encrypted data or blank data, and at a later date returned to encrypt the server. “At this stage the backups are no longer useful as they contain no workable data to restore the systems, thus leaving the victim companies with the choice of either losing all their data and rebuilding it from scratch, or paying the ransom.”

So, make sure you make regular backups, regularly test your restore function, and at least weekly make off-site backups so that you can restore if you need to!
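A restore test can include a check for the two failure modes described above, backups overwritten with blank data or with encrypted data. The following Python sketch is an added example, not code from the original post or from High-Tech Bridge; the function names, the 7.5 bits/byte threshold and the 1 MiB sample size are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # assumed cut-off; ciphertext sits near 8 bits/byte
# Formats that are legitimately high-entropy: gzip, zip, bzip2, xz.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"BZh", b"\xfd7zXZ\x00")
SAMPLE_BYTES = 1 << 20  # classify on the first 1 MiB of each file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(data: bytes) -> str:
    """Label a sample 'blank', 'compressed', 'suspect-encrypted' or 'ok'."""
    if data.count(0) == len(data):  # empty or zero-filled
        return "blank"
    if data.startswith(COMPRESSED_MAGIC):
        return "compressed"  # extract it and audit the contents instead
    if shannon_entropy(data) > ENTROPY_LIMIT:
        return "suspect-encrypted"
    return "ok"


def audit_backup(root: str) -> dict:
    """Walk a restored backup tree and return {relative_path: verdict}."""
    report = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                report[os.path.relpath(path, root)] = classify(fh.read(SAMPLE_BYTES))
    return report


if __name__ == "__main__":
    # Constructed samples: a healthy SQL dump, a zeroed file, a ciphertext stand-in.
    samples = {"db.sql": b"INSERT INTO users VALUES (1, 'alice');\n" * 200,
               "site.tar": bytes(4096), "uploads.bin": bytes(range(256)) * 256}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        for name, verdict in sorted(audit_backup(root).items()):
            print(f"{verdict:18} {name}")
```

Run it against a copy restored from the backup rather than against the live site. Very small files can fall below the threshold even when encrypted, so treat an "ok" verdict as a supplement to opening the restored data, not a replacement for it.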

The bottom line is, your employees are often the ones letting these bad guys in unwittingly by clicking on a link in a phishing email, so stepping them through effective security awareness training is a must.  


 


Hat Tip to Thomas Fox-Brewster at Forbes

