Ransomware Strikes Websites

Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker).

Ransomware infections were first seen in 2013 and have been on the increase since then. Today it is one of the most pervasive online threats that Internet users and businesses face. Traditionally, ransomware has only affected personal computers and the malware is often distributed through hacked websites.

Every Week we hear of someone who computer has been infected. Just recently  ( Jan 2016) there is a new email coming out disguised as Australia Post. Telling you that a parcel could not be delivered and to click here for more info.

Over the last few months there has been a new development with ransomware attacks: They’ve started to infect websites themselves. Yes so if you are reading this and you have a website, BEWARE!!!

These attacks infect and encrypt the website files and then demand payment. The files on the server are inaccessible and the homepage is defaced with a warning that the website has been held hostage.

Have you seen this? You dont want too.

Unsurprisingly, vulnerabilities in outdated software seem to be the main method of distribution. Remember web admins: Update, update update!

Ransomware Is Now Targeting Websites

Usually websites are used to spread PC-based ransomware; visiting the infected website will launch the virus onto your machine, encrypting its contents. Before it was also commonly distributed through tech support scams and bogus e-mails, but now we see website admins fall victim as well. Magento e-commerce sites seem to be a big target of this new website ransomware, but it is by no means limited to them. ALL websites are now at risk.

Once the attackers have access to your server, (where your website is hostedthey encrypt all your site files and have the extension of .encrypted added to the file name rendering them useless:

There was a flaw in the way the files were encrypted, and it was possible to return then to a state or good health, however the attackers caught wind of their design flaw and now it is even hard to rectify. So without a clean backup, you might find yourself having to rebuild your entire website (unless you want to take the risk of paying the ransom fee which there is no guarantee you will ever get the key to fix the files).

Whats even worse, is this malware can spread to other websites in the same hosting environment making a bad situation much worse. So if you have more than one website

Just like your computer backups, website backups are Critical

If you are unfortunate enough to have your website infected with this ( or any) malware, your only option is to revert to a recent backup, change all login detailss and update all software. If you dont do backups, then when you get hit, you will understand why we impress on our customers to backup Backup BackUP!!!!. If you don’t already do backups, then we can take some steps for you to ensure you have a backup handy.

If you find yourself having to get your website rebuilt after such an infection, then you will be kicking yourself, and wondering why you never got us to do a backup for you. Once it has happened, it is too late.

The very least you should do for your site is to put your site behind a website firewall to help prevent attacks before they even reach your site. We can recommend a hosting company that bends over backwards to prevent this sort of thing happening..

If you would like to talk to us then please call or head over to our contact page and get in touch.

We have various packages available, however we can do special one off deals depending on your needs. Speak to us today to see what we can do for you