KimcilWare Ransomware

KimcilWare: newly found ransomware

KimcilWare Dangerous For Magento Websites:

Magento e-commerce websites are being attacked by the newly found KimcilWare ransomware. This ransomware encrypts the web server's files using the Rijndael block cipher. KimcilWare was discovered by the Malware Hunter Team and Lawrence Abrams.

KimcilWare can affect all the files on a web server, and it also uploads malicious files to the server. It can give its creator full access to the affected website.

Files affected by KimcilWare are given the .kimcilware extension. The files become useless and cannot be read. KimcilWare also uploads its own index.html to the web server, so anyone who opens a website hosted on that server sees the message "Web Server Is Encrypted. Pay 140$ to Decrypt you webserver". The page gives Bitcoin payment information and links an email address for contact and more information.
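The two on-disk signs described above (the .kimcilware extension and the replaced index.html) can be checked for with a short scan of the web root. This is an added example, not code from the original article or from the researchers; the function names, the 64 KB read cap and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".kimcilware"             # extension named in the article
NOTE_MARKER = b"web server is encrypted"  # phrase from the ransom page quoted above
INDEX_NAMES = {"index.html"}              # file the article says is replaced


def scan_webroot(root):
    """Walk root and collect the two indicators described in the article."""
    report = {"encrypted_files": [], "ransom_pages": [], "total_files": 0}
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow symlinks out of the web root
            report["total_files"] += 1
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted_files"].append(path)
            elif lower in INDEX_NAMES:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(65536)  # assumed cap; the note is a small page
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
                if NOTE_MARKER in head.lower():
                    report["ransom_pages"].append(path)
    report["encrypted_files"].sort()
    report["ransom_pages"].sort()
    return report


def build_sample_tree(root):
    """Constructed sample web root: two renamed files, one ransom page, two clean files."""
    files = {
        "index.html": b"<h1>Web Server Is Encrypted</h1>",
        "app/settings.kimcilware": b"\x00\x01constructed",
        "media/logo.kimcilware": b"\x02\x03constructed",
        "skin/site.css": b"body{}",
        "blog/index.html": b"<h1>Welcome</h1>",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Comparing `len(report["encrypted_files"])` with `report["total_files"]` gives a quick sense of how much of the web root would have to come back from backup.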

So far KimcilWare has only affected Magento websites; it has not yet affected websites on any other platform. However, it is not confirmed whether this ransomware is designed to encrypt only Magento websites or others as well. Security researchers have stated that there are some vulnerabilities in Magento, which is why this ransomware found a way to encrypt websites on the Magento platform.

Magento has updated its users about the security alerts and has also released a patch for updating Magento websites. However, it is not confirmed how this ransomware is infecting the websites. Magento providers have said that third-party content and plugins may be what allows the KimcilWare ransomware in.


Magento service providers have stated:

“While there are reports circulating about ransomware focused on Magento shops, we do not believe that there is a new attack vector, nor do we believe that this issue is specific to Magento, as this may turn out to be a more general web server vulnerability. At this time, this does not appear to be a widespread issue, as only 4 sites that we know of have been impacted and there has been no increase in that number since its initial discovery. There were also reports that the source of the attack could be a Magento extension. We removed that extension as a precaution and scanned for malware, but have found no evidence of malware.
As always, we remain committed to the security of our merchants and recommend that they ensure that they are following Magento Security Best Practices and have applied all available patches for the version of Magento that they are running. We post regular updates about potential security issues at our Security Center and encourage merchants to check there for news about any issues."