Are you currently experiencing an attack?

Are you currently experiencing an attack?

Holding Your Website to Ransom

Imagine that all of the databases associated with your website were suddenly taken offline.

Your customer lists, product information, user credentials, and all the rest of your data, were all suddenly unavailable.

What effect would that have on your company?

For many businesses, this scenario would be devastating. If it were to occur, many executives would willingly pay large sums of money to fix the problem.

And that’s why hackers are now blackmailing companies by doing exactly this — remotely disabling their victims’ back-end databases, until their ransom demands are met.

Ransomware attacks have been around for a long time. But in the past, they were mostly aimed at individual PC users, who would be locked out of their computers until they send funds to the malware’s operator.

Today, a new form of ransom attack is being used against businesses. Since the potential payoff is much higher for the hackers, it’s likely that this will become a popular form of attack in the future.

Here’s how it might affect your site.

It all starts with a successful breach into your web server. But unlike most other forms of web attack, once the hacker is into your server, he won’t do anything destructive. He doesn’t want to do anything that will alert you to the intrusion.

He will merely investigate your site and apps, and learn how they pass data around internally.

Once he understands your data flow, he modify your server scripts so that all data is encrypted on-the-fly before it’s written to a database, and then decrypted again as it’s being read. When this is done correctly, neither you nor your users will notice any difference in the performance of your site.

Here’s the most important thing…

Even though your site still seems to function the same as it did before, all your vital business data is slowly being encrypted — and the encryption keys are stored in a remote server that the hacker controls.

With his work now done, the hacker leaves.

Time passes. As more records within your databases are accessed, more and more records become encrypted.

Even worse, your normal backup processes are operating during this time. This means your database backups are also being overwritten with encrypted data.

After a few months have gone by, the hacker sets off the bomb.

The trigger is simple — he merely removes the encryption keys from his remote server.

Suddenly none of your web apps can access your data. And for the most part, restoring from your backups won’t help. Chances are, this will cripple your website instantly.

Shortly afterwards, the ransom demand will arrive in your inbox.

The first prominent victim of this attack vector was hit just a few months ago. Since then, other attacks have occurred, and we can expect this technique to be more widely used into the future.

So how can you defend yourself against a ransom attack?

The key is to prevent it before it even occurs. Once you get a ransom demand, the damage has already been done. By that point, it will be very difficult to mitigate (other than paying the ransom).

Here’s the good news — prevention is straightforward.

Despite the innovative nature of this attack, it still relies on the success of an old-fashioned system intrusion.

As long as the hacker is kept out of your server, ransom attacks are impossible. So as long you have a strong IPS/WAF, you don’t need to worry about your site and data being disabled for ransom.

Ransom attacks are a good example of the innovative spirit of today’s cybercriminals. They’re always looking for new and better ways to attack you.

Therefore, it’s more vital than ever for you to have robust, comprehensive web security — defenses that are always up-to-date, and always effective against even the newest assaults from hackers.

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.