Crypto-ransomware Targets Magento Sites

A new form of crypto-ransomware that targets Magento can encrypt contents and demands a ransom paid in Bitcoin.

This means all files in your web directory as well as databases including your customer information, orders, credit card numbers, etc. become unreadable until you have paid the ransom.

It is imperative that you update your Magento site immediately.  Failure to update the latest security patch could leave you devastated.    This is what the opening message looks like:

The malware specifically looks for Apache and Nginx installations as well as MySQL installs in the directory structure of the targeted systems.  It also seeks log directories and the location of webpage contents before ultimately going after a variety of file types—including Windows executables, program libraries and Active Server Pages (.asp) files, and SQL, Java, JavaScript, and document files.  If the victim makes a payment, the malware itself will then initiate decryption of the files.  The malware decrypts them in the same order that it encrypted them, deleting the encrypted versions of the files along with the ransom note text files.  More information can be found here:  http://magento.com/security-patch

Tom P November 10, 2015