Hike in New Type of Ransom Attacks

Monday, June 13, 2016 @ 05:06 PM gHale


Ransomware holds individual victims hostage by encrypting their data until they pay off some type of ransom.

RansomWeb, on the other hand, is where bad guys encrypt website databases and hold them for ransom. These new types of attacks are now on the rise, researchers said.

RELATED STORIES
New Ransomware Hits, But Asks Small Fee
Ransomware Ups its Game
Ransomware Regenerates Every 15 Seconds
New Ransomware with Different Approach

RansomWeb attacks first ended up detailed by web security provider High-Tech Bridge back in January 2015.

In some of the attacks observed by the security firm, hackers encrypted data on-the-fly before it inserted into the database.

By encrypting data over long periods of time, attackers can remain undetected and ensure website backups end up overwritten with encrypted content to prevent victims from recovering their files without paying the ransom.

Web security trends compiled by the company for the first half of 2016 show high risk vulnerabilities, such as SQL injections, end up leveraged for RansomWeb attacks five times more frequently compared to 2015.

Ilia Kolochenko, chief executive and founder of High-Tech Bridge, said RansomWeb attacks have mainly been targeted at large organizations with business-critical web applications.

“The easiest and fastest to hack, insecure web applications are becoming the major threat across the Internet. Aggravated by weak web server configuration and unreliable SSL/TLS encryption, vulnerable web applications are actively exploited by cybercriminals to conduct APTs against multinationals and governments, as well as to extort ransom from individuals or SMBs,” Kolochenko said.

High-Tech Bridge found more than 60 percent of web services and APIs designed for mobile applications end up plagued by at least one high-risk flaw that allows attackers to compromise databases. Furthermore, experts determined, in 35 percent of cases, websites affected by XSS vulnerabilities also contain more serious weaknesses, such as SQL injections, XXE or improper access control.

Even XSS vulnerabilities, which many consider less serious, can end up leveraged by attackers.

Researchers found only less than one-third of web servers have full updates and all security and stability patches installed.

“In the near future, we can expect a significant and continuous growth of RansomWeb attacks against website owners, and Ransomware attacks against website visitors,” Kolochenko said. “Actually, ransomware is not a technical problem, but a business model problem: While it will remain the easiest way to extort money, it will continue skyrocketing.

Click here to download the High-Tech Bridge report.