Securing Websites from Future Ransomware Attacks

On 12 May 2017, the world was struck by another Ransomware attack, an insidious malware that encrypts all the files on target computers and then demands a ransom to have it decrypted.

Ransomware attack is not something new. If you do a little bit of research on the internet, you would notice that the malware had been the center of discussion in the cyber security space for the last few years.

But none of these has been such a global menace. And while people started to put their attention on how to protect their system from getting encrypted by this terrible virus, there is one thing that is being overlooked by most (if not all.

As the attacks multiply, IT administrators and CISOs should look beyond the obvious. That is, protecting their website against cyber threats caused by viral transmission. Here’s what you need to know –

The Connection between Ransomware and Data Leakage

One of the two sources that Ransomware comes from – (1) Compromised website and (2) Email Attachments.

A compromised website, when infected becomes the host of an exploit kit. In the case of such websites, the virus gets injected into the website via vulnerabilities in third party software such as shopping carts or plug-ins. This then exploits the browser to reach your machine.

You can apply the same methodology in the case of phishing website, where a drive-by-download installs the ransomware to begin encrypting your file.

Similarly, there are malicious emails that come with attachments bearing the infected virus. The type of file can be as simple as a Microsoft Word or one with a renamed extension ending in PDF or an EXE.

Hackers can also send recipients a phishing mail that can look like it has been sent by their close acquaintance. According to a 2015 study, almost 56% of the people fall victim to the spear phishing practice.

When users are tricked into opening the attachment, the ransomware is installed.

Ransomware can also affect a website itself. With growth in technology, ransomware attacks have evolved from infecting computers to terrorizing websites.

In 2016, websites built on content management systems like WordPress and Joomla were reported to have been compromised by the CryptXXX, a type of ransomware virus. Most of these happen because 60% of the websites use outdated CMS platforms and extensible components. According to researchers at Force point, in most of the cases, the leading vector in most CMS applications come from third party integrations.

Most of these possess a password-protected web shell. That means hackers have already installed a backdoor program onto the web servers that have been illegally accessed.

To What Extent Can a Website be affected by Ransomware?

  • Advanced Encryption Standard

Once the attackers gain access to the server, the site files are encrypted using the AES and the append.encrypted. This renders the file useless.

Initially, the method had a flaw, where the AES key could be guessed by following the last modified date/timestamp on the files. This helped many websites to revert the data by saving the data.

Soon enough, the attackers became aware of this flaw. This led them to initially scramble the timestamps that rendered the decryption process useless.

Keeping a backup is therefore important. If you don’t have one, then you might find yourself rebuilding the entire website.

  • Cross contamination

If your website shares the same hosting environment with other websites then cross contamination is one such Ransomware attack that they can get subjected to. The best solution to this problem is to compartmentalize a website to prevent it from getting infected by the virus.

In the case of cross contamination, the virus will spread to any website sharing the same hosting server.

Website Backups are Important

The Rule of thumb in these cases is to patch the security holes quickly. You can do this by reverting to a recent backup. If you have a backup, you can restore the damage by updating all software and changing all administrator credentials.

What if you don’t have a website backup? In that case, there are some free software programs that you can use. Here are some names that you can take note of –

  • Filezilla – This is an open-source FTP client through which you can access your files
  • Adminer – A simple and secure tool for managing your database

Server admins can consider implementing the live shadow volume – a kind of RAID configuration.

Exporting Database from Old Servers

Ransomware affecting websites are limited only to website files and does not affect the database. You can try exporting the database from your old hosting server to a new and safe hosting environment and replacing site files with fresh copies. This will help to keep your content/posts intact. Make sure to change your password.

Putting Your Website behind a Firewall

Putting your website behind a firewall security will protect it from any unwanted security attacks. A firewall is a secured wall that stands between a trusted source ( i.e. your web hosting server) and an untrusted source (i.e. the internet). It is the wall that ensures that only the most trusted data passes through.

Here are three features that make the Firewall so important for a website’s security –

  • Data Filtration – Firewall consists of a set of filters that analyze the data coming in contact with the firewall
  • Proxy – The firewall functions as a valuable proxy service that makes sure that all the good traffic is passed through while stopping the rest from entering your website.
  • Inspection – The firewall analyzes all data coming to your site. The key elements are then identified and compared to a database consisting of trusted information. If the data is a match then the firewall will allow it to pass through the website.

Using Order Alerts

Fraud alerts protect your website from suspicious credit card charges. You also save time and money by minimizing your fraudulent orders.

  • Mismatched credit card information
  • Unmatched shipping and billing addresses
  • Rapid repeat orders from customers who using different payment cards
  • Orders from blacklisted countries

By using fraud detection tool, payment providers can reduce losses by –

  • Flagging suspicious orders that appear repeated
  • Declining transactions that carry incorrect payment details
  • Flagging International orders for verification before shipping

Stop storing Payment Data on Your Servers

Hackers are unable to access data that you don’t store. If your business relies on outside services who work on your behalf when it comes to website hosting, email marketing, order management, then make sure that they protect your data under secured systems.

Another alternative is using secured solutions namely –

Bottom Line

Security is a top most priority for any e-commerce websites today to ensure that their day-to-day business affairs are not interrupted by unwanted circumstances such as the Ransomware hack attack here.

Backing up all valuable data, protecting systems from hack attacks and encrypting data transmissions with SSL certificates are some of the ways you can protect your website from unwanted intrusion in future.

Image Courtesy:


Leave a Reply

Your email address will not be published. Required fields are marked *