Analecta Cyber Company Blog: New malware holding websites hostage

2015-11-27

New malware holding websites hostage

Cyber criminals have recently used a variety of methods to send ransomware to unsuspecting users on Windows computers, in some cases even hitting smartphones and tablets.

A new form of ransomware has been identified that targets websites and the servers hosting them. This ransomware encrypts the entire content of a website and insists that the site operator purchase the encryption key to regain use of the site.



Ransomware, a fairly new form of malicious software (or malware), has grown to be a significant threat for small businesses over the past two years. This form of malware often encrypts the contents of an affected computer and requires the owner to pay a ransom in exchange for the key to decrypt the data. This attack can render a computer useless and make the years of information it contains completely unavailable.

Linux.Encoder.1 has been identified targeting Linux-based websites. It affects the website's database, website directories and the user folders. The ransomware demands an anonymous payment of nearly $300 to decrypt the site’s contents. With the recent rise of website vulnerabilities, this is a significant threat to small businesses that are unable to afford constant security monitoring and protection.

The encryption method used by these attackers is significant. They're using the same encryption technology that the US government uses for its most sensitive classified information.

What can a small business do?

There are practical steps you can take to protect yourself from this attack.
1. Keep current and regular backups of your website. Many web hosting providers have low-cost backup solutions available that give you the ability to restore previous versions of your website.
2. Limit the number of plugins and add-ons you use on your website.
3. Ensure you're using the most up-to-date versions of your website software and its plugins or add-ons.
4. Stay informed about the threats to websites like yours.

What if I've already been attacked?

If you've already been affected by the Linux.Encoder.1 ransomware, it's critical that you identify the initial intrusion vector. It's simple for an attacker to accept the ransom, restore the files, then return for another attack. If the initial intrusion vector isn't identified, the problem has not been solved.