It’s a common misconception that a small website has nothing worth hacking. It’s not collecting payments or storing sensitive information, so what could a hacker possibly gain from attacking your small business website?
There are hundreds of reasons a hacker might be interested in your site. For example, they may want to use it as a platform to serve illegal files, or turn your server into an email relay for spam. Increasingly, cyber criminals are trawling the web for legitimate (but vulnerable) websites that can be used to circulate ransomware…
What is ransomware?
Ransomware is a piece of malware that blocks the victim’s access to their files. The only way to regain access is to pay a ransom (usually £300 or more).
There are two types of ransomware currently in circulation:
- File-encrypting ransomware: malware that is used to encrypt (convert to code) the victim’s personal files, rendering them unusable. The victim must pay a ransom to the hacker (usually in Bitcoin – a type of digital currency) in order to have the files decrypted.
- File-locking ransomware: malware that is used to lock the victim out of the operating system, making it impossible to access the desktop and any of the files. The files are not encrypted in this case, but the attackers still demand a ransom for the files to be released.
Things have escalated massively since the very first ransomware attack took place in 1989, and the trend only continues to grow. You may have heard about a recent attack that targeted the NHS, during which patients’ operations and appointments were cancelled as up to 40 hospital trusts were unable to access vital medical records. It is being described as the ‘biggest ransomware attack in history’.
How does ransomware affect my website?
For ransomware to work, hackers need to download malicious software onto a victim’s computer. This is then used to launch the attack and encrypt/lock files. One of the most common ways for the software to be installed on a victim’s device is through malicious adverts/links on websites just like yours.
Usually unbeknownst to the website owner, these otherwise legitimate sites have been infected with a malicious script that is used to redirect internet users to an ‘exploit kit’. This then tries to force-feed the victim’s system with a ransomware Trojan.
This kind of attack is usually targeted at websites running an outdated CMS or outdated plugins, in which security holes have been found but not yet patched. WordPress is an extremely attractive target for these attacks, as it currently powers 24.3% of the 1 billion websites on the internet. Over 20% of these run an outdated version of the CMS…
What can you do to stay protected?
If you run a website or blog that uses a CMS and/or any other additional plugins and programs, it’s essential to understand that patching your site and installing the latest updates as soon as they are released is key to ensuring basic cyber security – not only for your site itself, but your users and readers, too.
Remember also that WordPress is not the only (or even the best) CMS solution out there. If you’re looking to explore other options and would like some advice, contact a specialist such as MA Design (Web Design – Cheltenham).