A new cyber threat victimizing users is the 'RansomWeb' attack, which leaves compromised websites encrypted - and they will remain that way until the victim pays a ransom to cyberattackers. The threat was first detected by cybersecurity firm High-Tech Bridge, investigating a client website, which displayed a database error.
The cybercriminals demanded a $50,000 ransom in exchange for decrypting the database, despite it being compromised six months prior. A closer inspection found that several server scripts were edited so data was encrypted before it was submitted to the database, and data was decrypted after being pulled from the database.
Instead of an immediate ransom demand - like ransomware attacks against business users - the cybercriminals patiently waited until backups were also overwritten.
"We are probably facing a new emerging threat for websites that may outshine defacements and DDoS attacks," said Ilia Kolochenko, CEO of High-Tech Bridge. "RansomWeb attacks may cause unrepairable damage, they are very easy to cause and pretty difficult to prevent. Days hwen hackers were attacking websites for glory or fun are over, now financial profit drives them. The era of Web blackmailing, racket and chantage is about to start."