As the week comes to a close I wanted to take a minute to talk about something we haven’t yet – Ransomware Malware.
The idea came from a case this week where a client was defaced. Instead of engaging the host or malware professional she took it upon herself to plead with the attacker via the provided email (you have to love egos). What was most amusing is that the attacker finally gave in and restored her website to get her off his back.
Obviously not something we recommend, but an amusing story nonetheless. She turned his defacement and retaliated with a little something we like to call, “Begware.”
And so this got us thinking about something that has predominantly been isolated to the notebook and desktop environments – ransomware malware.
What is Ransomware Malware?
It’s a type of malware designed to hijack a victim’s information, often isolated to local environments, in return for money or some other collateral. It actually made its debut back in 1989 in a trojan called PC Cyborg.
The idea is simple, keep you from your data.
Imagine one day turning on your computer and seeing a splash page that provides you instructions on how to go about retrieving your information. To retrieve it though you must pay the attacker X amount of dollars in return for a key that will undo what kept you from your data.
Ransomware and the Web
So the obvious question: Is it a trend we’re seeing on the web? The answer is no, but a definite possibility.
Thinking Through It
What would you do if you opened your site one day and it had an ugly defacement on it? Something like this:
Instead of being informed of the weakness in your website’s security and their obvious superiority, you get a message that says:
We have stolen your website, send money via PayPal to this account and we’ll reinstate your site!!!
What Would You Do?
The harsh reality of the situation is that some folks would most likely comply with such demands. That is the part that worries us the most, not those that would see this and laugh, but rather those that would see this and comply.
What To Do
If ever presented with something like this, don’t fret. The web-o-sphere is a different animal than local environments. There is no one piece of the puzzle that can be kicked out from under you, as long as you are being proactive.
The key word being – proactive.
Understand that you and only you are responsible for your website. It’s easy to pass the buck off to someone else, your developer, designer, host, or the malware company but in the end, it’s your site. Take ownership!
So here is a list of what to do:
- Take a step back, collect yourself, and breathe
- Call your hosting company
- Have them apply your backups – You have backups right?
- Change all your credentials – FTP, SFTP, SSH, Admin Panel, CPANEL, Database, etc..
- Engage with a malware company
If you are a proactive website owner then you would have done your homework and you would have:
- Host contact information in the event of emergencies
- Understanding of host protocols when it comes to malware
- Backups going back at least 1 week of your database and website
Looking Forward
While not currently an active web-based threat it was good to take a minute to stop and think about it. To think about what someone would do if it ever happened and how it could be applied is fundamental to how we do business. Additionally, with the evolution and increased sophistication of web-based malware we would not be surprised to see it.
Fortunately, as in most cases, by taking a few proactive steps a website owner is able to keep themselves from becoming a victim.
If you have seen cases of this or experienced it yourself we would love to hear from you. Send us a note at info@sucuri.net
Denis Sinegubko
Krasimir Konov
Ben Martin
Sucuri Malware Research Team
Cesar Anjos
Chase Watts
Gerson Ruiz
Yuliyan Tsvetkov
4 comments
Great writeup. Will be very interesting to see if this type of thing starts happening.
Comments are closed.