Magento websites at risk from KimcilWare ransomware

Updated on Mar 31, 2016 by Guest Authors

If you run a website built on Magento, you could be the next victim of a new strain of ransomware dubbed KimcilWare, which security researchers have spotted in the wild infecting several sites.

Because the malware has only just been discovered, it is not yet clear how the attackers broke into the victimized websites. What is known is that the files were encrypted with the Rijndael block cipher (the algorithm standardized as AES). According to initial reports, the attackers are selling the decryption key for one Bitcoin, about $415 at the time of writing; another variant of the ransomware asks for less, as little as $140.


KimcilWare was first seen as a broken Hidden Tear variant, presumably because of problems with the SSL connection to the attackers' command and control server. The person behind it appears to be the same attacker who breached another website infected with KimcilWare: the ransom notes on both sites carried the same email address.

Security researchers found some differences in how the attacker infected the two victim sites, but two things matched: the attacker's email address, and the fact that both websites ran the Magento e-commerce platform.

Further investigation revealed that the attacker behind KimcilWare had been attacking websites for more than a month, dropping a script meant to lock site owners out by encrypting their site data. Two different scripts were used for the encryption, according to the researchers.

The first script encrypts the website's files, appending the .kimcilware extension to each one, and adds an HTML file that shows the ransom note. The second script appends the .locked extension to each encrypted file and displays a ransom message telling the victim to send one Bitcoin to the attacker in order to unlock the files. The note includes the Bitcoin address as well as the email address through which the victim is instructed to contact the attacker after the ransom has been paid.

It remains unclear how the attacker gained access to the victimized servers, but the Helios Vimeo Video Gallery extension appears to have been exploited. Magento has yet to release a statement regarding the hacks.
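The two file extensions described above are the only indicators the article gives, but they are enough for a first check of a Magento document root. The following Python script is an added example, not code from the article or from Magento: it walks a docroot, lists every file carrying the .kimcilware or .locked suffix, maps each one back to the filename it had before the script renamed it so the list can drive a restore from backup, and summarizes what it found. The directory layout built in demo() is constructed for illustration and mimics a Magento 1 docroot.

```python
"""Locate files renamed by the KimcilWare scripts under a Magento document root.

Added example, not code from the original article. It relies only on the two
extensions the report names (.kimcilware and .locked); the tree scanned in
demo() and the files planted in it are constructed here for illustration.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the two KimcilWare scripts append to the files they encrypt.
ENCRYPTED_SUFFIXES = (".kimcilware", ".locked")


def find_encrypted_files(docroot):
    """Walk docroot and return one record per file carrying a KimcilWare suffix.

    Each record maps the encrypted path to the name the file had before the
    script renamed it, so the list doubles as a restore list for pulling clean
    copies from backup. Paths are reported relative to docroot.
    """
    docroot = Path(docroot).resolve()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            lower = name.lower()
            for suffix in ENCRYPTED_SUFFIXES:
                # Require something before the suffix: a bare ".locked" is not a
                # renamed file. A legitimate "foo.locked" is unlikely in a
                # Magento tree but is still listed for a human to review.
                if lower.endswith(suffix) and len(name) > len(suffix):
                    encrypted = Path(dirpath) / name
                    original = Path(dirpath) / name[: -len(suffix)]
                    hits.append({
                        "encrypted": str(encrypted.relative_to(docroot)),
                        "original": str(original.relative_to(docroot)),
                        "suffix": suffix,
                    })
                    break
    return sorted(hits, key=lambda h: h["encrypted"])


def summarize(hits):
    """Aggregate scan results: totals per suffix and the directories touched."""
    by_suffix = Counter(h["suffix"] for h in hits)
    directories = sorted({str(Path(h["encrypted"]).parent) for h in hits})
    return {
        "total": len(hits),
        "by_suffix": dict(by_suffix),
        "directories": directories,
        # Both suffixes in one tree means both scripts ran here; flag for review.
        "multiple_variants": len(by_suffix) > 1,
    }


def demo():
    """Build a constructed Magento-like tree, plant renamed files, and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample layout; the paths only mimic a Magento 1 docroot.
        (root / "app" / "etc").mkdir(parents=True)
        (root / "media" / "catalog").mkdir(parents=True)
        (root / "skin").mkdir()
        (root / "app" / "etc" / "local.xml.kimcilware").write_bytes(b"\x00ciphertext")
        (root / "media" / "catalog" / "product.jpg.kimcilware").write_bytes(b"\x00ciphertext")
        (root / "index.php.locked").write_bytes(b"\x00ciphertext")
        (root / "skin" / "style.css").write_text("body {}")  # untouched file
        (root / ".locked").write_bytes(b"")                   # bare suffix, ignored
        hits = find_encrypted_files(root)
        return hits, summarize(hits)


if __name__ == "__main__":
    found, report = demo()
    for hit in found:
        print(f"{hit['encrypted']}  ->  restore {hit['original']}")
    print(report)
```

Point find_encrypted_files() at the real docroot instead of the constructed tree to use it on a live site; note that it only finds files the scripts renamed, so a clean scan does not rule out the initial compromise of the server itself.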

