New Spoof RansomWare

New malware has been found that is cross-platform, so it works on Windows, Apple and Linux systems. It can also get into web servers, where it deletes any MySQL, Mongo, Maria and Couch databases it can find, causing websites and software to stop working, and then displays a ransom note asking for money to be paid. Once you have paid you would think they would give you back the data, but not this time. This is spoof ransomware: because it deleted the tables rather than encrypting them, it cannot give them back to you. At the time of writing there are 46 known cases of people who paid up, at an average of $125 and totalling around $6000, but not one of them has received their data back. The payments fund this probable organised crime gang (in China), with no hope of the victims getting their data back.

Furthermore, once it is on the server it can start to infect other computers through the browser with a version that will work on your system. Once on your computer it will do a variety of things, from deleting data and asking for money, to installing a botnet (on Linux machines) and mining cryptocurrencies, stealing your computer resources such as CPU time, memory and hard drive space and making your computer run as slow as possible.

Watch out for more information on this as news comes out; we only heard about this particular malware, called Xbash.

How to protect yourself

To protect your computer systems and networks, be sure your computers are fully patched and running antivirus software and a firewall. On Windows PCs you should be able to run the free built-in antivirus software, and most PCs will have a built-in firewall which, kept updated, should be enough. The biggest issue is getting your firewall to not accept incoming connections for services on a server or PC that you don’t need to have. By default some servers have all ports for all services open to everyone, such as MySQL. If you don’t really need it to be open then close it, and if you do need it to be open, tie it down to as few connection locations as possible.
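
One way to check a Linux server for the open database ports described above. This is an added example, not part of the original article: it reads `ss -ltnH` output and reports MySQL/MariaDB, MongoDB and CouchDB listeners that are reachable from beyond the local machine. It assumes the services use their default ports (3306, 27017, 5984); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report database listeners bound to non-loopback addresses.
# Input format is `ss -ltnH`: State Recv-Q Send-Q Local:Port Peer:Port

exposed_db_listeners() {
    awk '
    BEGIN {
        # Default ports (assumption: the services were not moved elsewhere).
        svc["3306"]  = "MySQL/MariaDB"
        svc["27017"] = "MongoDB"
        svc["5984"]  = "CouchDB"
    }
    $1 == "LISTEN" {
        # Split addr:port at the final colon so [::]:3306 parses correctly.
        pos = match($4, /:[0-9]+$/)
        if (pos == 0) next
        addr = substr($4, 1, pos - 1)
        port = substr($4, pos + 1)
        if (!(port in svc)) next
        # Loopback-only listeners cannot be reached from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            scope = "all interfaces"
        else
            scope = "interface address"
        printf "EXPOSED %s port %s on %s (%s)\n", svc[port], port, addr, scope
    }'
}

# Constructed sample listing (not captured from a real server).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:27017 0.0.0.0:*
LISTEN 0 128 [::]:5984 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.0.2.10:27017 0.0.0.0:*
EOF
}

# Demo on the sample; on a live server run: ss -ltnH | exposed_db_listeners
sample_ss_output | exposed_db_listeners
```

Any line it reports is a database that should either be rebound to the loopback address or restricted by the firewall to the few source addresses that need it.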

Get some antivirus software for your server and for your site. In most environments each website is in its own virtual space and so having some effective security protection for each site is important. Something like cWatch Security, available here, is a good starting point.

All of our hosting accounts now come with a FREE copy of cWatch Basic to help mitigate these types of attack. If you already have a website hosted with us then you can claim your FREE copy of cWatch Basic as well, and we will even help you to install it and set it up, as we believe that this is critical to protecting your website, your visitors and your reputation. Please check your Addons section or submit a support ticket if you would like some help with this.