Malware, Network Security

Magento e-commerce platform targeted with new ransomware KimcilWare

Share

Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare, according to Threatpost.

Attackers exploit a flaw in the widely used platform used for backend management and inject the KimcilWare ransomware on the web server. Once loaded, the perpetrators employ Rijndael block ciphers to encrypt website files and demand ransom, in the range of U.S. $140 to $415, for decryption.

The scourge was first detected by MalwareHunter Team on Feb. 11, but the team admits it is still unknown who is behind the attacks, though they speculate it is associated with the open-source ransomware sample called Hidden Tear, released in August 2015 by a Turkish security researcher. MalwareHunter also detected the attackers gaining access to targeted servers via web shells, small scripts attackers can install on vulnerable servers, which then can be enlisted to run system commands via a web-based interface.

Correction: An earlier version of this story cited Kaspersky as the firm that detected the issue, when it fact it was MalwareHunter Team.

Magento e-commerce platform targeted with new ransomware KimcilWare

Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.