Cybercriminals Use RansomWeb Attacks to Hold Website Databases Hostage


  • 18/02/15 12:10 pm Cybercriminals Use RansomWeb Attacks to Hold Website Databases Hostage

    Page 1 of 4 http://www.tripwire.com/state-of-security/latest-security-news/cy…riminals-use-ransomweb-attacks-to-hold-website-databases-hostage/

    David Bisson (http://www.tripwire.com/state-of-security/contributors/david-bisson/) | Feb 3, 2015 | Latest Security News (http://www.tripwire.com/state-of-security/topics/latest-security-news/)

    (http://www.tripwire.com/state-of-security/latest-security-news/cybercriminals-use-ransomweb-attacks-to-hold-website-databases-hostage/)

    A security firm has identified a new method of attack in which hackers encrypt the data stored on website servers and demand a ransom payment for the decryption key.

    In an article posted on its blog (https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html), High-Tech Bridge explains how its security experts first detected the attack back in December of 2014.

    According to the firm’s research, the attackers were able to successfully compromise a web application belonging to a financial company’s website (http://www.theguardian.com/technology/2015/feb/03/hackers-websites-ransom-switching-encryption-keys). They then used that unauthorized access to modify several scripts to encrypt data that went into the database. The attackers also stored the decryption key on a remote server accessible only via HTTPS.

    For six months, the attackers overwrote existing backups with the recent versions of the database until “Day X,” when the hackers removed the key from the remote server, causing the website’s database to go down. Shortly thereafter, the attackers contacted the web admins and demanded a ransom payment of $50,000 for the key.

    Ultimately, the financial company was able to recover the key due to a mistake on the part of the attackers.

    Since that time, High-Tech Bridge has identified another attack in which hackers encrypted and held for ransom a phpBB forum used by an SMB for customer service. It was discovered that two phpBB backdoors (http://www.theregister.co.uk/2015/02/03/web_ransomware_scum_now_lay_waste_to_your_backups/) on the business server helped facilitate the attack.

    Brian Honan (https://twitter.com/brianhonan), a security consultant and one of Tripwire’s Top Influencers in Security (http://www.tripwire.com/state-of-security/featured/top-influencers-in-security-you-should-be-following-in-2015/), observes that this method of attack gives only a limited number of choices to its victims: “At this stage, the backups are no longer useful as they contain no workable data to restore the systems, thus leaving the victim companies with the choice of either losing all their data and rebuilding it from scratch, or paying the ransom.”

    However, there is hope. Ransomweb can easily be detected by file integrity monitoring, although few companies implement this solution with dynamic web applications. To learn more about how Tripwire’s file integrity monitoring solutions can protect companies from ransomweb and other threats, please click here (http://www.tripwire.com/it-security-software/scm/file-integrity-monitoring/).

    It’s important to note that attackers holding sensitive data hostage is nothing new. Beginning with CryptoLocker in 2013, attackers have been sending out ransomware via email to encrypt users’ personal computers. To read more about ransomware, including how you can protect against this particular form of malware, please click here (http://www.tripwire.com/state-of-security/security-awareness/ransomware-refusing-to-negotiate-with-attackers/).
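The file integrity monitoring check mentioned above, as an added example (not code from the article, Tripwire or High-Tech Bridge): it hashes only a web root's script files, so routine churn in uploaded data does not hide a modified or newly dropped script. The suffix list, the excluded `cache` directory and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumptions of this example, not taken from the article:
SCRIPT_SUFFIXES = {".php", ".inc", ".phtml"}   # files treated as application code
GENERATED_DIRS = {"cache"}                     # dirs where the app itself writes scripts


def snapshot(webroot):
    """Map each script path (relative to webroot) to its SHA-256 digest."""
    root = Path(webroot)
    digests = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or path.suffix.lower() not in SCRIPT_SUFFIXES:
            continue  # uploads, images and other data are expected to change
        if GENERATED_DIRS.intersection(rel.parts[:-1]):
            continue  # compiled templates and similar generated code
        digests[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Report scripts modified, added or removed since the baseline."""
    return {
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Run the check over a small constructed web root in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("includes", "uploads", "cache"):
            (root / name).mkdir()
        (root / "index.php").write_text("<?php require 'includes/db.php';\n")
        (root / "includes/db.php").write_text("<?php /* original data layer */\n")
        (root / "uploads/avatar.png").write_bytes(b"constructed image bytes")
        baseline = snapshot(root)
        # Later state: expected churn plus two changes that should be reported.
        (root / "uploads/avatar.png").write_bytes(b"replaced by a user")
        (root / "cache/tpl_index.php").write_text("<?php /* generated */\n")
        (root / "includes/db.php").write_text("<?php /* altered data layer */\n")
        (root / "uploads/helper.php").write_text("<?php /* unexpected script */\n")
        return compare(baseline, snapshot(root))
```

Calling `demo()` returns the report for the constructed tree. In practice the baseline must be stored where the web server account cannot write, or an intruder who can change the scripts can also change the baseline.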
