KimcilWare Ransomware Hits Magento Sites - How to, Technology and PC Security Forum | SensorsTechForum.com

KimcilWare Ransomware Hits Magento Sites

Websites using the Magento platform have been hit by ransomware. Once infected, the sites are rendered unusable. The ransomware is called KimcilWare and encrypts web server files. After encryption, it adds its own index file to the victim server, which is served from the domain of the respective site. The extension .kimcilware can be seen all over that index page.

[Image: a site whose files were encrypted by KimcilWare]

For now, KimcilWare ransomware’s method of infection and its distribution are unknown. Although exploit kits are known to have attacked Magento sites in the past and certain vulnerabilities were found on the e-commerce platform, this is a new kind of attack.

Technical Details about KimcilWare Ransomware

As this is a fairly new ransomware that is expected to evolve further, there is not much information about it. What is known is laid out below.

KimcilWare encrypts files on webservers. When the encryption is done, the ransomware adds its own index file on the infected server. An image is shown above. The extension .kimcilware is added to the encrypted files. About ten sites are reported to have fallen victim to the attack.

A ransom payment of $140 is asked for, as you can see from the ransom message:

[Image: KimcilWare ransom note]

Image Source: news.softpedia.com

A user on Magento’s official forums reports that the ransomware creates a file called README_FOR_UNLOCK.txt, which contains the full ransom note.

The file reads the following:

###
ALL YOUR WEBSERVER FILES HAS BEEN LOCKED
You must send me 1 BTC to unlock all your files.
Pay to This BTC Address: 1859TUJQ4QkdCTexMTUQYu52YEJC49uLV4
Contact [email protected] after you send me a BTC. Just inform me your website url and your Bitcoin Address.
I will check my Bitcoin if you realy send me a BTC I will give you the decryption package to unlock all your files.
Hope you enjoy 😉
###

Paying the ransom is NOT advised. Nobody can guarantee that your webserver files will get decrypted after payment. The money will go to the ransomware creators, and that could easily spiral into a new ransomware variant.
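The indicators described above (the .kimcilware extension, the README_FOR_UNLOCK.txt note and the replaced index file) can be checked for on a web root. The script below is an added example, not part of the original article; the function names, the list of index file names and the assumption that the extension is appended to the original file name are illustrative.

```python
#!/usr/bin/env python3
"""Scan a web root for the KimcilWare indicators named in the article."""
import os
import sys

ENCRYPTED_EXT = ".kimcilware"        # extension added to encrypted files
NOTE_NAME = "README_FOR_UNLOCK.txt"  # ransom note file name
NOTE_MARKER = "ALL YOUR WEBSERVER FILES HAS BEEN LOCKED"  # first line of the note
INDEX_NAMES = {"index.php", "index.html", "index.htm"}    # assumption: usual index names


def _contains(path, needle, limit=1 << 20):
    """True if the first `limit` bytes of path contain needle (case-insensitive)."""
    try:
        with open(path, "rb") as fh:
            return needle.lower().encode() in fh.read(limit).lower()
    except OSError:
        return False  # unreadable files are skipped, not treated as hits


def scan_webroot(root):
    """Return indicator hits found under root (symlinked directories are not followed)."""
    hits = {"encrypted": [], "notes": [], "suspect_index": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower == NOTE_NAME.lower():
                hits["notes"].append(path)
            elif lower in INDEX_NAMES and (
                _contains(path, ENCRYPTED_EXT) or _contains(path, NOTE_MARKER)
            ):
                hits["suspect_index"].append(path)
    return hits


def restore_list(hits):
    """Original paths of encrypted files (assumes the extension was appended)."""
    return sorted(p[: -len(ENCRYPTED_EXT)] for p in hits["encrypted"])


if __name__ == "__main__":
    result = scan_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, paths in result.items():
        for p in sorted(paths):
            print(f"{kind}\t{p}")
    sys.exit(1 if any(result.values()) else 0)
```

The exit status is non-zero when any indicator is found, so the script can run from cron or a monitoring check; `restore_list` gives the paths to pull from a clean backup.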

Prevent KimcilWare Ransomware from Infecting You

To prevent an infection from the KimcilWare ransomware, admins of Magento websites should make sure they have a strong password set for their accounts. Also, keeping Magento store versions updated as quickly as possible is sound advice. Having an anti-malware tool installed is always a good idea.


Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.
