Cybercriminals are using hacked websites to generate an online income. The ransomweb technique focuses on encrypting the databases of the hacked websites. The owners of the website (database) will be informed about the fact that their website database(s) has been encrypted with a password and that they will have to pay a specific amount of money to regain access and control over the hijacked databases.
The ransomweb method is unique in the way that it seeks for unsecured databases on the internet and we all know that on the internet there are thousands of websites which are not up to date with the latest patches and upgrades. The cybercriminals which are behind the ransomweb attack are able to perform automated scans on the internet for unsecured websites. Once the cybercriminals gain access to the targeted domains they will use the domain to generate an online income.
Why do hackers hack websites
The cybercriminals and hackers will target websites and databases for various reasons. The reasons could be for fame, money, fun or practice. The ransomweb attack focuses on the money aspect. The hackers will try to force the victims to pay a specific amount of money.
So how can you protect yourself against Ransomweb
There are various steps which need to be taken against attacks like Ransomweb. The Ransomweb attack exploits the weakness in websites and environments which use databases or hold files which are important. So for example, if you are running an out to date environment which holds data, you might become the victim of a ransomweb attack.
Software and hardware often come with manuals and guides. All the guides state that it is wise to update the software or hardware to the latest version. This is because in the latest version, the KNOWN errors which cause vulnerabilities are fixed. So if you are running an out dated version, hackers will be able to identify the vulnerability in the software or hardware.
Patches are often released by vendors to secure their products. If you are using for example, WordPress to manage your website, then it is wise to opt-in for the latest WordPress details and updates.
There have been cases just like the ransomweb attack. The ransomweb attack demands a specific amount of money from the victims. This is called ransom. Now we also have ransomware which is hitting unaware desktop and mobile users. The ransomware tries to convince the victims that their files have been locked or that a government agency is searching for them and in order to stop this, the victim needs to pay a ransom.
Now in the most cases, anti-virus vendors have created solutions against ransomware attacks, but it hard for vendors to protect the databases of the clients; if the client are not using the latest patches and updates.
The security professionals are seeing a new trend which is going to develop. The ransomweb attacks are way more effective than DDoS attacks and the attacks can be performed on various targets at the same time. A simple Google Dork will show thousands of vulnerable websites which can be targeted by the ransomweb attacks.