As if Ransomware – the virus that locks you out of your computer until you pay a ‘ransom’ – wasn’t bad enough, RansomWeb has now come along and taken the threat onto the old World Wide Web too. Find out the facts, and how you can help protect your business.
RansomWeb is when hackers get into a website, take control of the site’s encryption system and change the keys. The website is then totally useless to its owners because it can’t run the code it needs to function. The analogy of a hacker being like a burglar breaking into your house and changing all your locks so you can’t get back in has been used, and I like it.
It’s pretty bad, because not only does it take your site offline, it demands money, and could potentially make the application unavailable permanently. It’s also super hard to detect. High-Tech Bridge – the security team that first documented the problem – give an example of a company that had unknowingly had hackers in its system for about six months, laying groundwork before making their move. Backups won’t really help either, as they’ll be made whilst in encrypted mode, so if the key is stored remotely it won’t be backed up. Even High-Tech Bridge say that the victims will probably have to pay up to get back into their system.
This is a new level of bad. Ilia Kolochenko, chief executive of High-Tech Bridge, said: “We are probably facing a new emerging threat for websites that may outshine defacements and DDoS attacks. RansomWeb attacks may cause unrepairable damage, they are very easy to cause and pretty difficult to prevent.”
Kolochenko also says that the only way to really prevent it is constantly monitoring for file changes within the web app code and databases; it’s so hard to detect because sites are constantly changing. Kolochenko suggests combining regular security monitoring with web application penetration testing.
Secarma, our security arm, reckons looking into potential first-line weaknesses could help too, using things like File Integrity Monitoring (FIM) to catch the little rascals before they nab your encryption key. It basically alerts you to changes in your files’ hash values, allowing you to do a backup restore before the key is taken. It may not give total protection for all sites, but it’s standard for PCI candidates and could be a good way of helping yourself stay out of sticky situations!
For more information on our security solutions take a look at our website or give us a call on 0208 045 4945.