Today is a normal day, but little do you know what is about to happen. You go to your website during your morning routine and you are shocked. All you see is a simple message “Warning, your website has been taken! Pay $100 to my bank account #1004505 or lose it forever.”

Your website has been taken by ransomware. In a panic, you call your web team and ask for help. “How do I get my website back?!”

What is Ransomware?

Don’t let your website get ransomed. Let’s take some time to understand what ransomware is and focus on preventing it from taking your website hostage.

Ransomware works the same way physical ransom works but in the digital space. In the real world, a ransom works in this way:

  1. Someone steals from you and hides what was stolen.
  2. A note is left telling you how to pay.
  3. You pay the thief with no guarantee of return.
  4. Or, you call for a security team with no guarantee of return.

Digital ransom might feel different from a physical ransom but it really is the same. With ransomware the thief:

  1. Moves your website to a secret location.
  2. Replaces your website with a program telling you how to pay for what was stolen. This is the digital version of a thief leaving a note.
  3. You pay up with no guarantee of return.
  4. Or, you call for a security team with no guarantee of return.

In both the physical and digital space there is no guarantee you will get back what was stolen. However, with the right planning ahead of time you can be sure ransomware won’t send you into a panic.

Prevent Ransomware Panic

To remove the panic of ransomware:

  1. Have regular backups of your website sent to multiple locations. Backups are your first line of defense against ransomware.
  2. Keep your website, computers, and systems up-to-date.
  3. Create and test a website recovery system.

A Real Example

At Robojuice, we have seen ransomware in different forms. For example, we recently encountered an attack on a website that had its database stolen. (A database is where all of a website’s pages, blog posts, email addresses, user accounts, and other information might be stored. Everything you add to your website needs to be stored somewhere, and that place is the database.)

Here is a photo of a healthy database before an attack. I’ll explain what you are looking at soon:

See all the yellow icons on the left. These icons are called database tables. For example:

  • “wp_comments” is a database table, and that table stores all the comments people make on the WordPress blog that uses this database.
  • The table named “wp_posts” stores all the blog posts of the website.
  • “wp_users” stores all the user accounts, including usernames, emails, and passwords.

Simply put, the database stores everything that is important to the website.

Now, what happens to the database when it becomes ransomed? Take a look.

See how all the yellow icons are missing and only one is left? A hacker stole this database and left a note. The note left on this website was ransomware. The ransomware was a little program that created a new database table called “WARNING” and required payment to a specific Bitcoin account to get the original database back.
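A simple monitoring check can notice this kind of change as soon as it happens by comparing the current list of tables against a known-good snapshot. The following is an added example, not code from the original article or from Robojuice; the row counts, function names, and the max_drop threshold are assumptions made for illustration.

```python
"""Compare a database's current table listing against a known-good baseline."""

# Constructed sample data: table name -> row count. The wp_* names and the
# "WARNING" table come from the article; the row counts are made up.
BASELINE = {"wp_comments": 120, "wp_posts": 85, "wp_users": 14}
HEALTHY = {"wp_comments": 124, "wp_posts": 86, "wp_users": 14}
RANSOMED = {"WARNING": 1}
PARTIAL = {"wp_comments": 124, "wp_posts": 3, "wp_users": 14}


def compare_snapshots(baseline, current, max_drop=0.5):
    """Return a list of (severity, message) findings.

    max_drop is a hypothetical threshold: the fraction of rows a table may
    lose between snapshots before the loss is reported.
    """
    findings = []
    # Tables that existed in the baseline but are gone now.
    for name in sorted(set(baseline) - set(current)):
        findings.append(("critical", f"table missing: {name}"))
    # Tables nobody on the team created, such as a ransom note table.
    for name in sorted(set(current) - set(baseline)):
        findings.append(("warning", f"unexpected table: {name}"))
    # Tables still present but suddenly much smaller.
    for name in sorted(set(baseline) & set(current)):
        before, after = baseline[name], current[name]
        if before > 0 and (before - after) / before > max_drop:
            findings.append(
                ("critical", f"{name} shrank from {before} to {after} rows"))
    return findings


def verdict(baseline, current):
    """Summarise the findings as 'ok', 'investigate' or 'alert'."""
    severities = {sev for sev, _ in compare_snapshots(baseline, current)}
    if "critical" in severities:
        return "alert"
    return "investigate" if severities else "ok"


if __name__ == "__main__":
    for label, snap in [("healthy", HEALTHY), ("ransomed", RANSOMED),
                        ("partial", PARTIAL)]:
        print(label, "->", verdict(BASELINE, snap))
        for sev, msg in compare_snapshots(BASELINE, snap):
            print("   ", sev, msg)
```

Store the baseline snapshot somewhere the website itself cannot modify, for the same reason backups are sent to multiple locations.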

How Was It Hacked?

This example was an old website that was not being visited. Over time, software updates were released to fix newly discovered security holes, but no one updated the site.

Eventually, the outdated system was sniffed out by a robot like a hound on the hunt.

The robot, programmed by a hacker, found the site and started its attack. It attacked the site from different angles trying to find a weakness. Those attacks would have included:

  1. Brute force attacks, where the program tried thousands of username and password combinations in only a few seconds.
  2. SQL injection attacks, which cause a website to execute specific code it was not designed to handle. SQL attacks are specific attacks against a website’s database.

When the SQL attack was launched against the example site, it gave way. The website allowed the robot to steal the database and leave the note with the ransom notice attached.

How Does the Hacker Get Away With Your Money?

In short: Bitcoin. Bitcoin is not something to be ignored. Dave Ramsey has talked about it, Bill Gates has talked about it, and the media has covered Bitcoin.

Bitcoins cannot be frozen like a bank account, making them ideal for hackers. This doesn’t mean that hackers cannot be caught with their Bitcoins. However, it does give them more flexibility since they do not need a bank account to accept currency online.

Overall, ransomware is a real threat, but if you have the right systems in place, you can be ready. Be sure you talk with your team about how to overcome ransomware and ensure your recovery systems have been tested and are working.

by Kevin Dees on August 8, 2017.