Criminals Encrypting Databases of Website and Demanding Ransom

Securityweek.com published a report on 29th January, 2015 quoting a recent statement by Switzerland-based security vendor High-Tech Bridge: "Malicious actors are encrypting databases of websites and holding them for ransom."

The security firm investigated the breach in December 2014 and found that an undisclosed European financial services company was the first acknowledged victim of this massive business-destroying assault.

The technique, known as "RansomWeb", targets critical details stored in website databases. These attacks require extensive patience and can be very lucrative for cyber crooks.

The cybercriminals first compromise the Web applications of the targeted company. After that, they modify server scripts to encrypt data on-the-fly before it is inserted into the database. The encryption is carried out over a long period to avoid raising suspicion, and once the information has been encrypted, the victims are sent a ransom demand.

Researchers observed in one campaign that the bad guys encrypted the database of a financial enterprise over six months. During this operation, even the backups were overwritten with encrypted entries, making recovery of the data extremely difficult.

In this particular attack, the cybercriminals targeted only crucial parts of the database, most likely to reduce the impact on the performance of the Web application.

The encryption key is stored on a remote Web server that can be accessed only through HTTPS. However, the key is removed from the server once the encryption process is completed.

The website went down once the attackers pulled the key, because information was no longer being silently encrypted and decrypted. After that, employees of the financial firm were sent emails from a Gmail account asking the firm to pay $50,000 to get its site back and threatening to increase the ransom by 10% with every passing week.
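Because the modified scripts decrypt transparently, the application looks healthy while the stored rows and backups do not, so a check has to read backup snapshots directly rather than go through the site. The following is an added example, not code from High-Tech Bridge or the original report: it measures how many values in critical columns still match their expected plaintext format in each snapshot. The column names, formats, threshold and sample rows are all assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Assumed plaintext formats for the columns an operator treats as critical.
VALIDATORS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "iban": re.compile(r"^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$"),
}

def conformance(rows, column):
    """Fraction of non-empty values in `column` that match the expected format."""
    values = [r[column] for r in rows if r.get(column)]
    if not values:
        return 1.0
    ok = sum(1 for v in values if VALIDATORS[column].match(v))
    return ok / len(values)

def audit_snapshots(snapshots, threshold=0.95):
    """snapshots: list of (label, rows), oldest first.
    Returns (label, column, ratio) for every column below the threshold."""
    findings = []
    for label, rows in snapshots:
        for column in VALIDATORS:
            ratio = conformance(rows, column)
            if ratio < threshold:
                findings.append((label, column, round(ratio, 2)))
    return findings

def _opaque(value):
    # Constructed stand-in for an encrypted field: base64 of a SHA-256 digest.
    return base64.b64encode(hashlib.sha256(value.encode()).digest()).decode()

def build_sample_snapshots():
    """Constructed data: newer snapshots hold more opaque values, in 'iban' only."""
    clean = [{"id": i, "email": f"user{i}@example.com",
              "iban": f"CH93007620116238529{i:02d}"} for i in range(4)]
    snaps = []
    for label, n_opaque in (("snap-1", 0), ("snap-2", 2), ("snap-3", 4)):
        rows = [dict(r, iban=_opaque(r["iban"])) if i < n_opaque else dict(r)
                for i, r in enumerate(clean)]
        snaps.append((label, rows))
    return snaps

if __name__ == "__main__":
    for finding in audit_snapshots(build_sample_snapshots()):
        print("format drift:", finding)
```

A ratio that falls from one snapshot to the next in a single column, while other columns stay at 1.0, matches the gradual, selective encryption described above.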

Forbes.com published news on 28th January, 2015 quoting Ilia Kolochenko, CEO of High-Tech Bridge, as saying "the company did not pay the ransom as they were able to retrieve the keys due to mistakes of hackers."

High-Tech Bridge initially regarded this as a clever attack that was unique, a one-time occurrence. That held until recently, when another customer had a problem with their phpBB installation.

» SPAMfighter News - 2/9/2015
