This image (from a PCWorld article) explains the Ransomware that can take over your computer if you had the misfortune of downloading the wrong item (malware: a virus, etc.).
Or if your computer was already pwned (taken over somehow by criminal hackers) and the criminal then sold access to your computer to the Ransomware criminal.
That is “standard” Ransomware. What I want to review is Ransomware landing on your website.
David Krebs with KrebsonSecurity has a new post this morning: http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/
It highlights a phenomenon, “Linux.Encoder.1”, a Linux malware which is almost undetectable by current methods. This Linux malware is deposited in the same manner as other malware: a vulnerability is found, and the criminal is then able to take over the server and install this piece of code.
What happens next is that the website files on the server are encrypted, and a plaintext file is left with “instructions to decrypt”. An example he cites is the websites designed by Daniel Macadar.
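As an added example (not from this post or from the Krebs article), here is a defender-side check a web-server operator could run over a web root to spot files that should be readable text (PHP, HTML, CSS) but now look like ciphertext, which is what an encrypted site looks like once this kind of malware has run. The web root, the extension list and the entropy threshold are assumptions; the sample directory is constructed for the demo.

```python
import math
import os
import tempfile
from pathlib import Path

# Assumption: on a typical web root these extensions hold readable text.
TEXT_EXTENSIONS = {".php", ".html", ".htm", ".js", ".css", ".txt", ".xml", ".json"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits well under 6, ciphertext close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_suspect_files(web_root, threshold=7.0, sample_bytes=4096):
    """Return text-typed files under web_root whose leading bytes look encrypted."""
    web_root = Path(web_root)
    suspects = []
    for path in sorted(web_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_EXTENSIONS:
            continue
        with open(path, "rb") as fh:
            head = fh.read(sample_bytes)
        # Skip tiny files: entropy over a few bytes is not meaningful.
        if len(head) >= 256 and shannon_entropy(head) >= threshold:
            suspects.append(str(path.relative_to(web_root)))
    return suspects


def build_demo_root():
    """Constructed sample web root: two normal files, one overwritten with random bytes."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php echo 'hello';\n" * 40)
    (root / "css").mkdir()
    (root / "css" / "site.css").write_text("body { margin: 0; }\n" * 40)
    # Random bytes stand in for a file the ransomware encrypted in place.
    (root / "checkout.php").write_bytes(os.urandom(4096))
    return root


if __name__ == "__main__":
    print(find_suspect_files(build_demo_root()))  # ['checkout.php']
```

A sudden jump in the number of flagged files, or a new plaintext file sitting next to them, is the moment to pull the server offline and restore from the offline backup.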
A vulnerability in the Magento shopping cart seems to have been the culprit. Apparently Daniel had not kept up with patching that vulnerability (issued April 2015).
It is unusual that we get to see a real-life example of someone not applying vulnerability patches and suffering the negative results.
And Daniel was lucky: he paid and got his files back (mostly). Due to bugs in the Ransomware (http://www.bbc.com/news/technology-34765484), you will lose your files forever, since there is no way to contact the criminals (and you really would not want to anyway).
My recommendation is this:
- patch your systems
- backup your files – online and offline (since Ransomware tries to infect online backups as well)
- If you do get ransomed – DO NOT PAY.
Now there is a 4th option: Bitdefender LABS can help you fix it.
Update 11/10/15 5:17pm UTC: Bitdefender update