• Skip to primary navigation
  • Skip to content
  • Skip to footer
  • Home
  • Write for Us
  • Contact

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Magento websites at risk from KimcilWare ransomware

Updated on Mar 31, 2016 by Chesky Ron

If you are running a website that uses the Magento solution, chances are you might be the next victim of a new breed of ransomware dubbed KimcilWare, which security researchers have spotted in the wild infecting several sites.

Since the malware has just been discovered, it would be hard to establish at the moment how the attackers have managed to break into the victimized websites and encrypted the files with the use of a block cipher called Rijndael. According to initial reports, the attackers are selling the decryption key for the ransomware at $415, equivalent to one Bitcoin. Other variants of the ransomware can be decrypted at a lower cost, as low as $140.

kimcilware-ransomware

KimcilWare was first seen as a broken Hidden Tear variant, presumably because of certain issues with the SSL connectivity of the attackers’ command and control server. The person responsible for the ransomware seems to be the same attacker behind another breach into a website infected with KimcilWare, as indicated by the ransom note, which contained the email address of the attacker.

Security researchers found some variations in the way the attacker infected the two victim sites with the ransomware, but the remarkable similarity was the email address of the attacker and the use of the Magento e-commerce platform in both websites.

Further investigation revealed that the attacker behind the KimcilWare ransomware had begun to attack the websites for more than a month now, dropping a script meant to lock out website owners by encrypting their site data. More than two types of script were used to encrypt those pieces of information, according to the researchers.

The first script will convert the files with the .kimcilware file extension to encrypt the data of the website, with the addition of an HTML file that shows the ransom note. The second script puts the .locked extension to the file that has been encrypted and displays a message containing the note for ransom, which reads that the victim must send one Bitcoin to the attacker in order to unlock the files. The Bitcoin address is included in the ransom note as well as the email address through which the victim is instructed to contact the attacker after the ransom amount has been paid.

It remains unclear how the attacker got hold of the servers being victimized, but it appears the Helios Vimeo Video Gallery extension has been exploited. Magento has yet to release a statement regarding the hacks.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

MaxConverter Review – A Free Online Video Converter

OLALA SG1 Bluetooth In-Ear Headphones Review – Tested and Not Recommended

TSUMBAY TS-BH07 Wireless In-Ear Headphones Review

Convert MOV to MP4 with Wondershare Video Converter Ultimate

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • MaxConverter Review – A Free Online Video Converter
  • The Really Helpful Tech that I’m Using Everyday
  • ImmuniWeb Discovery – A Thorough Vulnerability Assessment for Web and Mobile Applications
  • Top 5 Useful Technologies in Cars: Short Reviews

Disclosures

As an Amazon Associate, I earn from qualifying purchases.

TechWalls uses cookies for Google ads. Read about what we do with the data we gather in the Privacy Policy.

Copyright © 2019 · All Rights Reserved