New Ransomware Kimcilware threatens Magento sites

A new infection has struck a handful of Magento stores, encrypting all Magento files, shutting down the store, and replacing the homepage with a ransom note demanding $140-400 in Bitcoin:

The method of infection is unknown as of yet, but the  Helios Vimeo Video Gallery extension has been implicated, and taken down by Magento as a precuationary measure.

Fortiguard Lion Team claim to have uncovered the Indonesian group responsible for the attack and possible methods of decryption.  This solution appears to be only theoretical for now, as the post doesn’t include results.  Fortiguard suggests a means of finding the encryption key, without which the Rijndael encryption used is thought to be effectively impossible to break.

Store owners are advised to be cautious. Use good password policies, and keep all installations and extensions up to date.

h/t Softpedia

Artur April 7, 2016