by | 10 Oct 2015

RansomWeb could kill your business site

A security firm has identified a new method of attack called RansomWeb,  in which hackers encrypt the data stored on website servers and demand a ransom payment for the decryption key. Experts estimate that millions of individuals and companies could have been victims of this practice and have received ransom demands ranging from a few hundred to several thousand dollars.

Decrypting the RansomWeb method

File encrypting ransomware has become highly problematic for eCommerse site. However, researchers have spotted a new type of attack that threatens businesses. The technique, dubbed RansomWeb, and targets sensitive information stored in a website database. This attack require a lot of patience and can be highly profitable for hackers.  So, how the what is the RansomWeb method?

  1. The attackers first compromise the targeted company’s Web application and modify server scripts. Data is encrypted on-the-fly, before it’s inserted into the targeted database. This step occurs over a longer period, up to several months to avoid attracting the attention of owners of unusual behavior. Even backups are encrypted, making it difficult to recover data without accepting the payment of the ransom.
  2. The encryption key is stored on a secure web server. Once finalized encryption, hacking is unveiled and the site is no longer operational.
  3. To finish the owner receive an email with a dilemma: pay the ransom or lose all the data, forcing them to rebuild everything from scratch.

Many experts foresee a multiplication of such attacks in 2015. Professor Alan Woodward, a security expert at the University of Surrey, suggests that RansomWeb attacks can be used for both blackmail and for the long-term disruption of a website. This operation is more effective than DDoS attacks because the targeted Website can be disrupted for longer periods of time.

How to avoid a RansomWeb attack?

The only reliable way to defend against this threat is to ensure that your website is secure. It is recommended to run a daily automated scanning and if the website administrators deploy file integrity monitoring systems. These types of operations can also be quickly spotted on regularly updated Web applications.

It is in this context that OZON has developed a cybersecurity solution to protect companies from RansomWeb and other threats.  The virtual patching feature detect vulnerabilities and patch it until full remediation has been applied. Furthermore, OZON is monitoring all website flows and transactions, and protect it in real time from cyber-attacks. Do not wait, test OZON for free!