BreachExchange mailing list archives

Don't Let Your Website Be Held Hostage: Five Ransomware Safety Tips for Online Retailers


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 18 Nov 2015 18:01:45 -0600

http://www.tmcnet.com/usubmit/2015/11/18/8279806.htm

Cybercriminals have developed a destructive new form of ransomware
<http://cts.businesswire.com/ct/CT?id=smartlink&url=http%3A%2F%2Fkrebsonsecurity.com%2F2015%2F11%2Fransomware-now-gunning-for-your-web-sites%2F&esheet=51226757&newsitemid=20151118005153&lan=en-US&anchor=new+form+of+ransomware&index=1&md5=bd3a7d1d7f1f37b7fd998f242989e077>
that targets online retailers. Cybercriminals scan websites for common
vulnerabilities and use them to install malware that encrypts key files,
images, pages and libraries, as well as their backups. The criminals behind
these attacks then hold them hostage, and website operators must pay a
ransom in anonymous cryptocurrency to unlock the files.

"Ransomware has proven to be very lucrative for cybercriminals, so it makes
sense that these kinds of attacks are being aimed at online retailers,"
said Craig Young, security researcher for Tripwire. "Many
online businesses depend on holiday shopping revenue, and if they don't
have good security and backup plans and are victimized by ransomware, the
impact can be devastating."

Young identified the following five crucial steps online retailers can take
to protect themselves from ransomware:

   1. Keep plug-in software, especially shopping carts and blogging
   components, up-to-date at all times. As soon as a patch for a software
   vulnerability becomes available, cybercriminals have the information they
   need to start exploiting any systems that have not yet been updated.
   2. Make sure Web servers are not the sole repository for the website's
   source code, data and security certificates. Keeping this content in a
   source code revision tracking system ensures that a Web server does not
   become a single point of failure. In the event of a ransomware attack, the
   owner does not risk losing the intellectual property contained in the
   website source code.
   3. Regularly replicate data files and databases so that the system can
   be easily restored on a fresh server in the event of a cyberattack.
   4. Minimize the software applications and services on production Web
   servers; a production server should not be used as a workstation. Ideally,
   nothing should be stored in home directories except for basic
   configuration files. This limits the potential risk for data loss.
   5. Various online services like Amazon Glacier and Iron Mountain
   provide the ability to back up important data and can be used to recover it
   in the event of catastrophic loss. Alternately, the use of virtualized
   servers updated with snapshots of key data taken at regular intervals
   minimizes the risk posed by cybercriminals.

"In some cases, ransomware victims do not gain access to their files even
after paying the ransom," said Young. "It's much more effective to protect
your business against infections than to take action after you've been
attacked."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
