cybercriminals use ransomweb attacks to hold website databases hostage
18/02/15 12:10 pmCybercriminals Use RansomWeb Attacks to Hold Website Databases Hostage
Page 1 of 4http://www.tripwire.com/state-of-security/latest-security-news/cyriminals-use-ransomweb-attacks-to-hold-website-databases-hostage/
Cybercriminals Use RansomWeb Attacks to Hold Website Databases Hostage
DAVID BISSON (HTTP://WWW.TRIPWIRE.COM/STATE-OF-SECURITY/CONTRIBUTORS/DAVID-BISSON/)
FEB 3, 2015
A security firm has identified a new method of attack in which hackers encrypt the data stored on website servers and demand a ransom payment for the decryption key.
In an article posted on its blog (https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html), High-Tech Bridge explains how its security experts first detected the attack back in December of 2014.
According to the firm's research, the attackers were able to successfully compromise a web application belonging to a financial company's website (http://www.theguardian.com/technology/2015/feb/03/hackers-websites-ransom-switching-encryption-keys). They then used that unauthorized access to modify several scripts to encrypt data that went into the database. The attackers also stored the decryption key on a remote server accessible only via HTTPS.
For six months, the attackers overwrote existing backups with the recent versions of the database until Day X, when the hackers removed the key from the remote server, causing the website's database to go down. Shortly thereafter, the attackers contacted the web admins and demanded a ransom payment of $50,000 for the key.
Ultimately, the financial company was able to recover the key due to a mistake on the part of the attackers.
Since that time, High-Tech Bridge has identified another attack in which hackers encrypted and held for ransom a phpBB forum used by an SMB for customer service. It was discovered that two phpBB backdoors (http://www.theregister.co.uk/2015/02/03/web_ransomware_scum_now_lay_waste_to_your_backups/) on the business's server helped facilitate the attack.
Brian Honan (https://twitter.com/brianhonan), a security consultant and one of Tripwire's Top Influencers in Security (http://www.tripwire.com/state-of-security/featured/top-influencers-in-security-you-should-be-following-in-2015/), observes that this method of attack gives only a limited number of choices to its victims: "At this stage, the backups are no longer useful as they contain no workable data to restore the systems, thus leaving the victim companies with the choice of either losing all their data and rebuilding it from scratch, or paying the ransom."
However, there is hope. Ransomweb can easily be detected by file integrity monitoring, although few companies implement this solution with dynamic web applications. To learn more about how Tripwire's file integrity monitoring solutions can protect companies from ransomweb and other threats, please click here (http://www.tripwire.com/it-security-software/scm/file-integrity-monitoring/).
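The file integrity check described above can be sketched as follows. This is an added example, not code from the article, High-Tech Bridge or Tripwire. It baselines only a web application's server-side scripts, so that ordinary dynamic content does not drown out an unauthorized script change. The extension list, the excluded "cache" directory and the sample file names are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumptions (not from the article): PHP-style script extensions, and a
# "cache" directory of generated files that changes legitimately.
SCRIPT_EXTS = {".php", ".inc", ".phtml"}
EXCLUDE_DIRS = {"cache"}


def snapshot(webroot):
    """Map each script path (relative to webroot) to its SHA-256 digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(webroot):
        # Prune volatile directories in place so os.walk skips them.
        dirnames[:] = [d for d in dirnames if d not in EXCLUDE_DIRS]
        for name in filenames:
            path = Path(dirpath, name)
            if path.suffix.lower() in SCRIPT_EXTS:
                rel = path.relative_to(webroot).as_posix()
                digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Report scripts added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample web root: one script edited, one script added."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "cache").mkdir()
        Path(root, "index.php").write_bytes(b"<?php render(); ?>")
        Path(root, "db.php").write_bytes(b"<?php save($row); ?>")
        baseline = snapshot(root)
        # Constructed changes made after the baseline was taken.
        Path(root, "db.php").write_bytes(b"<?php save($row); /* edited */ ?>")
        Path(root, "new.php").write_bytes(b"<?php ?>")
        Path(root, "cache", "tpl_1.php").write_bytes(b"generated")  # excluded
        Path(root, "photo.png").write_bytes(b"upload")  # not a script
        return compare(baseline, snapshot(root))
```

Calling `demo()` reports `db.php` as modified and `new.php` as added, and ignores the cache file and the image. Keep the stored baseline where the web server account cannot write to it, since the attackers in this case spent months overwriting backups.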
It's important to note that attackers holding sensitive data hostage is nothing new. Beginning with CryptoLocker in 2013, attackers have been sending out ransomware via email to encrypt users' personal computers. To read more about ransomware, including how you can protect against this particular form of malware, please click here (http://www.tripwire.com/state-of-security/security-awareness/ransomware-refusing-to-negotiate-with-attackers/).
CATEGORIES Latest Security News (http://www.tripwire.com/state-of-security/topics/latest-security-news/)
TAGS cybercrime (http://www.tripwire.com/state-of-security/tag/cybercrime/), RansomWeb (http://www.tripwire.com/state-of-security/tag/ransomweb/), Website (http://www.tripwire.com/state-of-security/tag/website/)
About David Bisson
David Bisson (http://www.tripwire.com/state-of-security/contributors/david-bisson/) has contributed 125 posts to The State of Security.
2015 TRIPWIRE, INC. (HTTP://WWW.TRIPWIRE.COM/) ALL RIGHTS RESERVED.