Reply to post:

Ransomware 2.0 'crypts website databases – until victims pay up

Anonymous Coward
Anonymous Coward

From the original article -

>The web application was compromised six months ago, several server scripts were modified to encrypt data before inserting it into the database, and to decrypt after getting data from the database. A sort of “on-fly” patching invisible to web application users.

>Only the most critical fields of the database tables were encrypted (probably not to impact web application performance a lot). All previously existing database records were encrypted accordingly.

This means that you can restore the database with the encryption keys in your pocket but only the critical fields in the database will be encrypted using the bad guy's encryption keys. You will not only need to restore a backup but to also use a clean and secure environment to test the data.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022