Magento, the most popular e-commerce platform, is used by 2,00,000 companies globally. It provides unbeatable e-commerce solutions, including online retail solutions, community tools, and backend order management. The most recent documented threat to sites running it is 'KimcilWare', ransomware that attackers install before demanding a ransom.
A Threatpost report states that attackers are targeting general web server vulnerabilities, Magento included. It has been shown that the hackers exploit vulnerabilities in the Magento e-commerce platform to install the KimcilWare ransomware on the web server. They then use a block cipher to encrypt website files and demand a bitcoin payment of somewhere between 140 and 415 dollars for decryption.
The first known attack dates back to 11th February this year. It was detected by MalwareHunterTeam, which has discovered ten affected sites so far. MalwareHunterTeam points out that KimcilWare is coded in PHP and targets websites. It has also found that the hackers gain access to the targeted servers through web shells: small scripts that the attacker first installs on a vulnerable server and then uses to run system commands through a web-based interface. Because the ransomware encrypts all the data on the Magento server and appends the .kimcilware extension, it is easy to spot. The attackers also insert an index.html file containing the ransom note. BleepingComputer, yet another security firm, has also documented the attacks.
The researchers are of the opinion that KimcilWare appears to be a variation of Hiddenware, an abandoned open-source ransomware that was primarily created for educational purposes.
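The two on-disk indicators named above (files renamed with the .kimcilware extension and an index.html ransom note) can be checked for across a webroot. The following is an added example, not code from the article or from any of the firms it cites; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".kimcilware"  # extension the article says is appended
NOTE_NAME = "index.html"          # ransom note file name given in the article


def scan_webroot(root):
    """Return {directory: details} for every directory under root that
    holds at least one *.kimcilware file."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        encrypted = sorted(f for f in filenames
                           if f.lower().endswith(ENCRYPTED_SUFFIX))
        if not encrypted:
            continue
        originals = [f[:-len(ENCRYPTED_SUFFIX)] for f in encrypted]
        findings[dirpath] = {
            "encrypted": encrypted,
            # index.html alone is normal; next to encrypted files it is suspect
            "note": NOTE_NAME in filenames,
            # plaintext copy still present: encryption may have been interrupted
            "plaintext_left": sorted(o for o in originals if o in filenames),
        }
    return findings


def summarize(findings):
    """Collapse per-directory findings into counts for an incident ticket."""
    return {
        "directories": len(findings),
        "encrypted_files": sum(len(v["encrypted"]) for v in findings.values()),
        "dirs_with_note": sum(1 for v in findings.values() if v["note"]),
    }


def build_sample_tree():
    """Create a constructed sample webroot (not data from a real incident)."""
    base = tempfile.mkdtemp(prefix="webroot_")
    layout = ["index.php.kimcilware", "index.html",
              "app/etc/local.xml.kimcilware", "media/logo.png",
              "skin/style.css.kimcilware", "skin/style.css"]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base


if __name__ == "__main__":
    print(summarize(scan_webroot(build_sample_tree())))
```

Run `scan_webroot` against a read-only copy or snapshot of the webroot so the check does not alter file timestamps needed for later forensics.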