RansomWeb: Could your website be held ransom?
Criminals have now started to hold websites hostage and demand hundreds of pounds to release them, using RansomWeb.
The new RansomWeb trend sees hackers breaking into a website, taking control of a site’s encryption system and changing the keys. The Guardian describes the process as being similar to burglars breaking into a house, changing all the locks and making it impossible for the owner to get back in. Once the encryption key is changed, owners are powerless.
In December, High-Tech Bridge security teams discovered the case of a financial company website being compromised. The website was offline, displaying a database error, while the website owner received an email asking for a ransom to release the site.
On further investigation, they believe the website had been compromised for over 6 months before the attack, with the attackers slowly changing server scripts and encrypting data. On the day of the ransom, hackers removed the new site encryption file from the server.
To date, attacks are difficult to prevent, due to the complexity of most websites and state changes. The only way to detect such attempts would be to constantly monitor for file changes.
RansomWeb is believed to be the next step on from the CryptoLocker virus that encrypted business data.
We’ll continue to update this article when news becomes available.