Ransomware 2.0 'crypts website databases – until victims pay up

Anonymous Coward

Re: ... crypto key swap

He said the original article, not The Register article:

https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html

"The web application was compromised six months ago, several server scripts were modified to encrypt data before inserting it into the database, and to decrypt after getting data from the database. A sort of “on-fly” patching invisible to web application users."

They did not change any existing settings/encryption keys; they changed the scripts driving the web application so that it encrypted data using their key (which the web application retrieved over HTTPS from the attackers' server) before inserting/updating it and decrypted it on retrieval.

They then waited for that encrypted data to overwrite/roll into all the backups for 6 months before pulling the key on their server, preventing the compromised web application from decrypting the data until they pay up.
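A defender's check for the scenario the comment describes, added here and not part of the post: because the tampered scripts wrote ciphertext into the database for months, a column that silently turned into base64-shaped, high-entropy values is the observable symptom, and the same scan run against a restored backup sample tells you whether the backups are already poisoned. The rows, column names and thresholds below are constructed for illustration.

```python
import math
import re
from collections import Counter

# Base64 alphabet with optional '=' padding: a column that the modified
# scripts started encrypting typically ends up full of values shaped like this.
_B64 = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_encrypted(value: str, threshold: float = 4.0) -> bool:
    """Heuristic: base64-shaped AND high entropy. Ordinary text fails at
    least one check (spaces, '@', punctuation, or repeated letters)."""
    return bool(_B64.match(value)) and shannon_entropy(value) >= threshold


def scan_rows(rows, columns, min_fraction=0.5):
    """Return {column: fraction of non-empty values that look encrypted}
    for every column where that fraction reaches min_fraction.
    Point it at a sample from the live table and at a restored backup."""
    suspicious = {}
    for col in columns:
        values = [r[col] for r in rows if isinstance(r.get(col), str) and r[col]]
        if not values:
            continue
        frac = sum(looks_encrypted(v) for v in values) / len(values)
        if frac >= min_fraction:
            suspicious[col] = frac
    return suspicious


# Constructed sample (made-up values): 'address' has been written through the
# tampered insert path for two of the three rows; the other columns are plain.
SAMPLE_ROWS = [
    {"id": 1, "email": "alice@example.com", "notes": "Called back on Monday",
     "address": "kX9vT2pQ7mZb4LwN0eRa8YsJ1cHf6GuD3oBiV5nE+/A="},
    {"id": 2, "email": "bob@example.com", "notes": "ThisIsAPlainUsername",
     "address": "Zr4Wq8Lx1nYc7TbK3mHv9PsD0aGe5JfU2oRiN6tQ+B/Y"},
    {"id": 3, "email": "carol@example.com", "notes": "",
     "address": "12 High Street, Springfield"},
]

if __name__ == "__main__":
    print(scan_rows(SAMPLE_ROWS, ["email", "notes", "address"]))
```

Run the same scan on a row sample pulled from each retained backup; the oldest backup in which the column is still plaintext is the one that predates the compromise.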
