September 20, 2016
Redis Database May Open Door To Ransomware Attack
As you probably know by now, ransomware is a particularly insidious form of hacking attack whereby a target computer’s files are locked or held hostage in some way, and besides restoring from whatever backups you have, the only way to get the files back is to pay the ransom demanded by the hackers.
What you may not have heard is that there’s a new variant of this type of attack making the rounds on the internet. It’s an especially cruel variant for a couple of different reasons.
First, the software, known as FairWare, doesn’t target traditional ransomware targets like health care companies. Instead, it specifically targets web servers. It gains a foothold onto a web server, deletes all the web content that was once there, and leaves a ransom note in the form of a text file, providing the owner of the server and the content with payment instructions if they want to get their files back.
Unfortunately, the ransom note is likely a scam. Researchers investigating these attacks have found no evidence of file copying, meaning that the hackers have likely simply deleted the files. If you pay the money, you still won’t get your files back, meaning you’ll have to rely on your backups, if you have them, or rebuilt your website from scratch.
For some companies, this would be an annoyance, but a fairly trivial affair. For others, it could have business-ending consequences.
So far, the researchers have found that the attacks seem to be originating from corrupted Redis servers that have been exposed to the internet. Normally, these servers have no direct connection to the internet, but some 18,000 server owners have decided to expose them in recent years. Of those, more than 13,000 have been found to be corrupted, compounding the problem and making it extremely likely that we’ll see more attacks like this in the weeks ahead.
If you don’t have a good backup system in place to help protect the data on your company’s site, it’s long past time to do so. If you’re unsure, or not confident in your current ability to recover from an attack like this, call us today and one of our experts will be happy to speak with you to see how we can best be of service.