Ransomware Malware on the Web?

As the week comes to a close I wanted to take a minute to talk about something we haven’t yet – Ransomware Malware.

The idea came from a case this week where a client was defaced. Instead of engaging the host or malware professional she took it upon herself to to plead with the attacker via the provided email (you have to love egos). What was most amusing though was the attacker finally gave in and restored her site in an attempt to get her off his back.

Obviously not something we recommend, but an amusing story none the less. She turned his defacement and retaliated with a little something we like to call, “Begware.”

And so this got us thinking about something that has predominantly been isolated to the notebook and desktop environments – Ransomware malware.

What is Ransomware Malware?

Its a type of malware designed to hijack a victims information, often isolated to local environments, in return for money or some other collateral. It actually made its debut back in 1989 in a trojan called PC Cyborg.

The idea is simple, keep you from your data.

Imagine one day turning on your computer and in return you see a splash page that provides you instructions on how to go about retrieving your information. To retrieve it though you must pay the attacker X amount of dollars and in return you will get a key that will undo anything that was done to keep you from your data.

Ransomware and the Web

So the obvious question, being that we’re a web malware company is, is it a trend we’re seeing on the web? The answer is no, but a definite possibility.

Thinking Through It

What would you do if you opened your site one day and it had an ugly defacement on it, something like this:

Instead of being informed of the weakness in your websites security and their obvious superiority, you get a message that says:

We have stolen your website, send money via PayPal to this account and we’ll reinstate your site!!!

For a more impactful affect imagine the use of other more imaginative words to bring the point home.

What would you do?

The harsh reality of the situation is that some folks would most likely comply with such demands. That is probably the part that worries us the most, not those that would see this and laugh, but rather those that would see this and comply.

What To Do

If ever presented with something like this, don’t fret. The web-o-sphere is a different animal than local environments. There is no one piece of the puzzle that can be kicked out from under you, as long as you are being proactive.

The key word being – proactive.

Understand that you and only you are responsible for your website. Its easy to pass the buck off to someone else, your developer, designer, host, malware company but in the end, its your site. Take ownership!

So here is a list of what to do:

  1. Take a step back, collect yourself, and breathe
  2. Call your hosting company
  3. Have them apply your backups – You have backups right?
  4. Change all your credentials – FTP, SFTP, SSH, Admin Panel, CPANEL, Database, etc..
  5. Engage with a malware company

If you are a proactive website owner then you would have done your homework and you would have:

  1. Host contact information in the event of emergencies
  2. Understanding of host protocols when it comes to malware
  3. Backups going back at least 1 week of your database and website

Looking Forward

While not currently an active web-based threat it was good to take a minute to stop and think about it. To think about what someone would do if it ever happened and how it could be applied is fundamental to how we do business.Additionally, with the evolution and increased sophistication of web-based malware we would not be surprised to see it.

Fortunately, as in most cases, by taking a few proactive steps, a website owner is able to keep themselves from becoming a victim.

If you have seen cases of this or experienced it yourself we would love to hear from you, send us a note at info@sucuri.net

Scan your website for free:
About Tony Perez

Tony is the Co-Founder / CEO at Sucuri. He shares a deep passion for Information Security, Business and Brazilian JiuJitsu. He approaches the business the same as he trains BJJ, one move at a time and gently. You can follow him on twitter: @perezbox.