For a particular type of morally bankrupt individual, the idea of ransomware must appear to be a stroke of brilliance. For everyone else, ransomware is the stuff of nightmares. That goes double for eCommerce merchants, whose store and its data are their business and livelihood. The loss of data to a ransomware attack puts eCommerce merchants in an unpleasant position: to pay or not to pay? In this article I want to talk about how merchants can avoid being put in that position in the first place.
First, what is ransomware? In short, an eCommerce ransomware attack exploits vulnerabilities in an eCommerce store or server software to install malware which then encrypts the data on the server before presenting the merchant with a demand for payment. If the merchant pays, the attacker will send a key to decrypt the data. If they don’t pay immediately, the attacker often increases the price.
It’s important to understand that once your store is the victim of ransomware, there’s very little that can be done to retrieve the lost data short of paying. The attackers use state-of-the-art cryptographic technology, often the same technology eCommerce merchants use to protect their data. Decryption without the key is unlikely in the extreme, and getting the key without paying is almost as unlikely. There have been cases where security researchers have retrieved keys from command-and-control servers and other sources, but that’s not a chance eCommerce merchants should bet on.
By far the best option is to avoid getting the ransomware malware on your server in the first place.
Keep Your Store And Server Up-To-Date
Most ransomware attacks exploit vulnerabilities in the software on the server. These can be vulnerabilities in the eCommerce application itself or in the underlying software stack. If your store is hosted with a managed eCommerce host, they will take care of the underlying operating system and services, but you may have to apply updates to the eCommerce application and any extensions you have installed.
In a recently reported spate of ransomware attacks against Magento eCommerce stores, it’s suspected that a relatively old and long-patched vulnerability is to blame.
If you’re a Magento user, it’s a good idea to follow Magento Security Center updates, which will let you know when you have to apply patches to close security vulnerabilities.
Ransomware works on the assumption that once data is encrypted on the server, you will no longer have access to it. If you regularly back up your data to a third-party service or offsite location, that assumption collapses. A robust backup strategy helps protect your site against all manner of disasters, ransomware included.
While the idea behind ransomware might be particularly frightening, mitigation advice is no different than with any other malware risk. Follow eCommerce security best practices and ensure that all your eggs aren’t in one basket.