Introduction
Ransomware attacks have become a major cyber threat in recent years. Traditionally, ransomware targeted individual users by encrypting files on their personal devices. However, cybercriminals are now increasingly targeting commercial websites with ransomware attacks. These attacks can have severe consequences for businesses by disrupting operations and extorting large sums of money.
What is Ransomware?
Ransomware is a type of malicious software that locks or encrypts files on a device or server. The attackers then demand a ransom payment in cryptocurrency to unlock the files. If the ransom is not paid, the files remain encrypted and inaccessible.
Ransomware typically spreads through phishing emails, compromised websites, or drive-by downloads. Once installed, it will silently encrypt files in the background, only revealing itself when most or all files are encrypted.
Emergence of Ransomware-as-a-Service
The advent of Ransomware-as-a-Service (RaaS) has enabled even unskilled attackers to launch ransomware campaigns. RaaS allows cybercriminals to simply pay for access to ransomware kits on the dark web. This has dramatically lowered the barrier to entry for widespread ransomware attacks.
RaaS kits provide user-friendly dashboards for ransomware operators. The operators can configure their ransom demands, payment methods, and manage their victims. RaaS has essentially commercialized ransomware, fueling its dangerous spread.
Targeting of Commercial Websites
While ransomware has traditionally targeted endpoint devices, attackers are now increasingly targeting web servers and websites. High-profile examples include:
- Media Lamporea – Encrypted news websites in Portugal and Brazil in 2020, demanding large ransoms in Bitcoin from media companies.
- REvil/Sodinokibi – Launched attacks against celebrity law firms and web hosting providers in 2020. Prevented websites from loading until ransoms were paid.
- DarkSide – Disrupted operations for the Colonial Pipeline company in 2021 by encrypting internal web applications and data.
Ransomware groups can now earn greater payouts by targeting commercial websites with high traffic volumes or sensitive data. The business downtime can cost companies millions per day, pressuring them into paying ransoms.
Techniques Used to Compromise Websites
Cybercriminals use various techniques to infect websites with ransomware:
- Exploiting vulnerabilities – Unpatched Content Management Systems like WordPress or insecure plugins can allow attackers to gain access and install ransomware.
- Compromised credentials – Brute-force attacks, password dumps, or phishing can allow attackers to log into web servers with compromised credentials.
- Malicious ads – Malvertising campaigns can redirect website visitors to ransomware landing pages that infect them.
- Third-party compromise – By compromising web hosting providers, domain registrars or CDNs, attackers can infect thousands of websites in one go.
Impact on Businesses
Ransomware attacks on live production websites can have catastrophic consequences for businesses:
- Revenue loss – Websites going offline results in lost sales, bookings, ad revenue, etc., amounting to millions per day.
- Reputation damage – Customers lose trust in the company if they are unable to access the website or have their data stolen.
- Legal liability – Companies may face lawsuits or regulatory fines if they fail to prevent ransomware from impacting customer data.
- Costly recovery – Rebuilding compromised websites and servers is an arduous and expensive process. Lost data may be unrecoverable.
Protecting Websites from Ransomware
Businesses can adopt these practices to mitigate the risk of ransomware attacks on their websites:
- Keep all software and plugins updated and patched to eliminate vulnerabilities.
- Use strong passwords and multi-factor authentication to prevent credential stuffing attacks.
- Back up website files and databases regularly in case recovery is needed. Store backups offline.
- Limit access to servers and block traffic from unknown IP ranges.
- Monitor servers for suspicious activity and unauthorized changes.
- Use a web application firewall to filter out malicious requests.
- Train employees to practice good cyber hygiene and spot potential phishing lures.
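One way to implement the "monitor for unauthorized changes" practice, as an added example that is not part of the original article: it snapshots a web root, then flags files that changed from ordinary content into high-entropy data, which is what files encrypted silently in the background look like. The thresholds, function names and sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_HIGH = 7.5    # bits per byte; assumed cut-off, encrypted data sits near 8.0
ALERT_FRACTION = 0.5  # assumed: alert when half of the baseline files look encrypted

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each file's relative path to (sha256 hex digest, entropy)."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            manifest[os.path.relpath(full, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return manifest

def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots and flag files that turned into high-entropy data."""
    changed = sorted(p for p in baseline if p in current and current[p][0] != baseline[p][0])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    # Changed files count only if they were low entropy before; new files only if high.
    suspicious = sorted(
        [p for p in changed if baseline[p][1] < ENTROPY_HIGH <= current[p][1]]
        + [p for p in added if current[p][1] >= ENTROPY_HIGH])
    alert = bool(baseline) and len(suspicious) / len(baseline) >= ALERT_FRACTION
    return {"changed": changed, "missing": missing, "added": added,
            "suspicious": suspicious, "alert": alert}

def demo() -> dict:  # constructed web root in a temp directory, not real site data
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.php", "config.php", "style.css"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(f"/* {name} */ body of a normal text file\n" * 50)
        baseline = snapshot(root)
        for name in ("index.php", "config.php"):  # stand-in for in-place encryption
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(os.urandom(4096))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Compressed uploads such as images and archives are also high entropy, so newly added media would need an allowlist in practice. The baseline snapshot should be stored off the server so an intruder cannot rewrite it.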
Conclusion
Ransomware has proven to be a highly effective cyber threat against enterprises. As more ransomware groups begin to target production websites, businesses need to prioritize protective measures. Implementing strong access controls, backups, hosting security and staff training is key to limiting website ransomware risk. However, businesses should also develop incident response plans in case their defenses fail. Paying ransoms should be an absolute last resort, as this further fuels cybercrime.