What you may not have heard is that there’s a new variant of this type of attack making the rounds on the internet. It’s an especially cruel variant for a couple of different reasons.
First, the software, known as FairWare, doesn’t target traditional ransomware targets like health care companies. Instead, it specifically targets web servers. It gains a foothold onto a web server, deletes all the web content that was once there, and leaves a ransom note in the form of a text file, providing the owner of the server and the content with payment instructions if they want to get their files back.
Unfortunately, the ransom note is likely a scam. Researchers investigating these attacks have found no evidence of file copying, meaning that the hackers have likely simply deleted the files. If you pay the money, you still won’t get your files back, meaning you’ll have to rely on your backups, if you have them, or rebuilt your website from scratch.
For some companies, this would be an annoyance, but a fairly trivial affair. For others, it could have business-ending consequences.
So far, the researchers have found that the attacks seem to be originating from corrupted Redis servers that have been exposed to the internet. Normally, these servers have no direct connection to the internet, but some 18,000 server owners have decided to expose them in recent years. Of those, more than 13,000 have been found to be corrupted, compounding the problem and making it extremely likely that we’ll see more attacks like this in the weeks ahead.
If you don’t have a good backup system in place to help protect the data on your company’s site, it’s long past time to do so. If you’re unsure, or not confident in your current ability to recover from an attack like this, call us today and one of our experts will be happy to speak with you to see how we can best be of service.