KimcilWare Ransomware
The KimcilWare Ransomware is a file encryptor that targets files associated with Magento e-commerce websites. While its choice of victims is unusually narrow, the KimcilWare Ransomware's other characteristics remain traditional to the ransomware model, including encrypting data and using Bitcoin ransoms for 'selling' its decryption service. Victims should pay attention to Magento-specific security standards, keep backups of all related files, and use traditional anti-malware products for deleting KimcilWare Ransomware infections.
A Trojan Selling a Store Its Storefront
Confirmed as active in March, the KimcilWare Ransomware is a threat that operates under the same hoax model as older file-encrypting Trojans. However, what makes the KimcilWare Ransomware unique isn't its choice of attacks or its preferences in generating illicit profits, but who its author is sending it after: Magento Web store owners. The commonalities between victims include using outdated versions of the Magento retail platform, ranging from 1.9.1.0 to 1.9.2.4. As of January 2016, the latest version of Magento software is 2.0.2.
KimcilWare Ransomware infections include the standard payload of most file encryptors: targeting files by their formats and sending the data through difficult-to-break encryption routines. Most file encryptors prefer targeting media or work-related content, but the KimcilWare Ransomware explicitly targets files associated with the Magento Web pages. Each file also takes on a 'KimcilWare' name extension. Naturally, the store becomes nonfunctional.
The KimcilWare Ransomware also makes one other change: it inserts a new index page, which serves as its ransom message. The message requests Bitcoin payments and additional communications through an e-mail address. Malware experts have already seen that address connected to other threats of the same type, such as a derivative of the Hidden Tear ransomware.
Giving Yourself a Ransomware Cure Ahead of Time
Preparation is key to stopping threats like the KimcilWare Ransomware from causing significant damage to your business or information. Because of its particular choice of targets, PC owners wishing to protect themselves from the KimcilWare Ransomware should be sure to update their Magento passwords to safe alternatives and use the latest version of the Magento software whenever possible. For the time being, malware experts can also link at least one KimcilWare Ransomware distribution method to installable storefront extensions, such as Helios Solutions's Vimeo Video Gallery.
The KimcilWare Ransomware's author also has a history of using ransomware with inadequate decryption services. Since paying the KimcilWare Ransomware's fee runs a risk of buying the victim nothing in return, you should always try alternate methods of data recovery beforehand. Like any other file encryptor, the KimcilWare Ransomware can be blocked from causing permanent harm by using routine, redundant, and secure backup strategies. Because it is a dedicated and threatening program, you should always use anti-malware tools to remove the KimcilWare Ransomware, regardless of whether or not you prevent it from doing any damage to your Magento store files.
Incidents like the KimcilWare Ransomware may remind Web retailers that their habits in business security can impact not only their customers but also their businesses, data and profits.
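A store owner can check a Magento web root against the two indicators described above, the affected version range and the renamed files, with a short triage script. This is an added example, not code from the original page; the function names are hypothetical, the sample tree is constructed, and the extension match on "kimcilware" (case-insensitive) is an assumption because the page gives only the name.

```python
import os
import tempfile

# Affected Magento range reported on this page.
AFFECTED_MIN, AFFECTED_MAX = (1, 9, 1, 0), (1, 9, 2, 4)
# Assumption: the appended extension is matched case-insensitively on the
# name "kimcilware"; the page gives only the name, not its exact spelling.
MARKER_EXT = ".kimcilware"


def parse_version(text):
    """Turn '1.9.2.3' into (1, 9, 2, 3), padding short versions with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def find_marked_files(webroot):
    """Return sorted relative paths of files carrying the marker extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(MARKER_EXT):
                hits.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(hits)


def triage(webroot, magento_version):
    """Combine the version check and the file scan into one report."""
    return {
        "version_in_affected_range": AFFECTED_MIN <= parse_version(magento_version) <= AFFECTED_MAX,
        "marked_files": find_marked_files(webroot),
    }


def build_sample_tree(root):
    """Constructed sample web root, for demonstration only."""
    for rel in ("index.php", "app/etc/local.xml.kimcilware", "js/prototype.js.KimcilWare"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(triage(root, "1.9.2.2"))
```

A non-empty `marked_files` list means files have already been renamed and recovery should start from backups; a version inside the range with no marked files means the store should be updated.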