Following the news of ransomware attacks that were apparently targeting Magento-powered websites, the developers of the ecommerce platform have released patches to protect against the malware. They have also removed an extension which they are concerned may have provided the malware developers with an attack vector.
The ecommerce platform developer hopes that the patch will prevent more webmasters from falling victim to the malware, which encrypts any files that it can access on the web server, and demands that website owners pay a bitcoin ransom in order to get access to the files.
The attackers would encrypt all the files that they could reach and replace the index file with one that refers the website owner to a ransom note, which includes a bitcoin address for the payment. The message reads “All your webserver files has been locked. You must send me 1BTC to unlock all your file…”
The first known attack occurred on the 11th of February, and there have been several others since then, although Magento itself says that it is only aware of four retailers which have been infected. It emphasises that it believes the attack is not due to a flaw in its code or the removed extension specifically, but rather to a general web server vulnerability. However, to protect users it is taking as many precautions as possible.
Magento has also emphasised that it is important that webmasters apply all of the security patches available for their version of Magento. Store owners who leave their websites unpatched are taking significant risks with the safety of their customers’ data.
Magento is not the only platform to have seen a spate of attacks. Last year, Newegg Inc, which uses a different platform, was the target of hackers who used similar ransomware tactics. Fortunately, Newegg was able to resolve the attack without having to pay the ransom.
Complex systems such as Magento rely on pre-built modules for which the code is readily available. This can be both a blessing, in terms of the flexibility that it offers, and a problem, in the sense that it gives hackers the ability to examine the code and find potential weaknesses.
In the open source community, vulnerabilities are usually found quickly and are easily patched. However, it is up to the owners of the individual websites to be proactive and apply the patches when they are released.