It seems that Magento eCommerce websites are yet again being targeted by a new strain of malware, this time ransomware that encrypts files on the web server and doesn't give up the encryption key unless a ransom is paid. It is not yet known exactly how this ransomware is being propagated, but it's a good time to make sure that your Magento installations are up to date and patched, and that all admin accounts use secure passwords. It's also a good time to make sure you have good, working backups in case you're forced to restore from them. (For more on how to secure your website, read 11 Steps to Improve your Website Security.)
Magento, being one of the most popular eCommerce platforms, gets a lot of attention from attackers, and this trend looks like it's set to continue. Downtime from an infection of this ransomware, which would effectively disable your website, could be extremely costly not just in lost orders but in lost reputation as well.
According to security researchers from MalwareHunterTeam, the ransomware is targeting websites with the intention of encrypting servers linked to Magento and demanding a ransom payment. In a blog post on Bleeping Computer, the team said KimcilWare, used by a threat actor dubbed tuyuljahat, is installed via a script which encrypts all data and can be spotted through the .kimcilware extension, which is added to all locked files.
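A triage check built on the one indicator given above, the .kimcilware extension, as an added example that is not from MalwareHunterTeam or Bleeping Computer. The function names are hypothetical, and treating the oldest modification time among locked files as the approximate start of encryption (to choose which backup to restore) is an assumption, not something the report states.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

MARKER = ".kimcilware"  # extension the article says is added to locked files


def scan_webroot(root):
    """Walk a web root and summarise files carrying the ransomware extension."""
    per_dir = Counter()
    earliest = None
    errors = []  # directories or files that could not be read
    for dirpath, _dirs, files in os.walk(root, onerror=errors.append,
                                         followlinks=False):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError as exc:
                errors.append(exc)
                continue
            per_dir[os.path.relpath(dirpath, root)] += 1
            # Assumption: the oldest locked file approximates when encryption began.
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {
        "locked_files": sum(per_dir.values()),
        "by_directory": dict(per_dir),
        "earliest_mtime": earliest,
        "unreadable": len(errors),
    }


def report(summary):
    """One-line status suitable for a cron mail or monitoring check."""
    if summary["locked_files"] == 0:
        return "clean: no %s files found" % MARKER
    when = datetime.fromtimestamp(summary["earliest_mtime"], timezone.utc)
    return ("INFECTED: %d locked files in %d directories; earliest written %s; "
            "restore from a backup taken before that time"
            % (summary["locked_files"], len(summary["by_directory"]),
               when.isoformat()))


if __name__ == "__main__":
    print(report(scan_webroot(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against the Magento document root; a nonzero "unreadable" count in the summary means parts of the tree were skipped and the result is incomplete.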