KimcilWare Ransomware Attacks Magento Store

Please fill this form, We'll reply within 24 Hrs.


Do you have a Magento Store? If yes, then you have to be alert about the new threat “KimcilWare Ransomware” that is possibly dangerous for your store security. KimcilWare is a web-based ransomware that could theoretically infect any platform. It is still not clearly suspected its attack on other platforms like Android, Windows, and Mac, presently researchers are focusing on Magento shops.

This new threat KimcilWare appends .kimcilware extension at the end of each Magento store file, thereby making your store non-functioning. Additionally, an index file is also added to the server by this ransomware. It also prints a black page replacing the store homepage; reading a headline with “Webserver Encrypted” text in red color. This happens due to SSL connectivity issues.

It gives a ransom note of “Your webserver files has been encrypted with a UNIX algorithm encryptor. You must paw 140$ to decrypt your webserver files. Payment via Bitcoin only. For more information contact me at tuyuljahat@hotmail.com.”

Some Clue on Ransomware

Researchers added, “They found ten stores were getting this message so considers following topics to get some clue. First appears on a Magento Store running in 1.9.1.0 version happen to describe in StackExchangewhere it infected only one site running multiple Magento stores on a server and second is identified on Magento store running in 1.9.2.4 version as described in a Magento Official Forum<Helios Vimeo Video Gallery extension as infected.”

Currently, Magento has kept the Helios Vimeo Galley Extension for its observation.

How Ransomware Attacks?

In the following two cases, you can find out how this .kimcilware extension has affected the Magento store files.

The first script will encrypt your Magento store data files and append .kimcilware extension to all those encrypted files, adds an index.html file to display the ransom note as shown above.

This image is an example of the encrypted files from KimcilWare.

Encrypted Files From KimcilWare

 

The second encryption will take place by appending .locked extension. Here, it creates a README_FOR_UNLOCK.txt in every folder which contains the ransom note as shown below.

ALL YOUR WEBSERVER FILES HAS BEEN LOCKED

You must send me 1 BTC to unlock all your files.
Pay to This BTC Address: 111111111111111111111111111111111
Contact tuyuljahat@hotmail.com after you send me a BTC. Just inform me your website URL and your Bitcoin Address.
I will check my Bitcoin if you really send me a BTC I will give you the decryption package to unlock all your files.

Hope you enjoy 😉

What Store Should Owners Do?

Magento Store owners should immediately update their store to latest Magento Store version and set a strong admin password for their admin account. Check Magento website to install the latest security patches.

Are you unaware of Magento Store insider security threat? Does your store attack by malware? Hire our Magento Support Experts who address all technical security issues and observe the cyber criminals activities to prevent your business loss. We do continuous monitoring of store so you can concentrate on your business. We ensure all latest security patches are installed on our client’s website. Our Support team becomes actionable as soon as when required.

Bulletproof Your Online Store with Magento SUPEE Security Patches
Best Way To Protect Magento Store From Ransomware Attack

Leave a Reply

Your email address will not be published. Required fields are marked *

Please fill this form, We'll reply within 24 Hrs.


Please fill this form, Mr.Yogesh will reply by email asap.


Please fill this form, Mr.Darshit will reply by email asap.


Please fill this form, Mr.Jayesh will reply by email asap.


Please fill this form, Mr.Jiten will reply by email asap.


Free eGuide

Ultimate Guide on Magento 2 Shipping Methods

Shipping Methods also play a very vital role in an eCommerce store, to make it a success.
DOWNLOAD NOW