Ransomware is a growing problem that is now affecting websites around the world. This newly-discovered ransomware variant called Linux.encoder attempts to infect Linux-based machines, specifically the folders associated with serving web pages. The malware requires administrator privileges to run and once it lands on a server, it encrypts any files, images, pages, scripts and source code it finds. It leaves behind a text file detailing how victims can pay the single Bitcoin ransom in exchange for a key to decrypt the files.
After paying the ransom, you expect your website would be restored and would be free of malware, but will it be? To be entirely sure, you should expect that, if you get hit by this ransomware, you are not going to get your website back.
What can you do about it?
- Back up your website files
It has always been, and always will be, best practice to protect against data loss with regular backups. Ask your website hosting provider to immediately back up your website files, if you don’t host your own website in house. Back up the files to an external drive or backup service, one that is not assigned a drive letter or is disconnected when it is not doing backup. Be sure to develop and implement a regular backup regimen. That way, no matter what happens, you will always be able to restore your website quickly.
- Create a complex password.
The responsibility of webmaster can change hands through turnover and mergers, so be sure you have a record of your current password and that the password used is complex. Hosting providers are reluctant to disclose passwords and it could take months to recover it.
- Update your website’s contact information.
Keep your domain names’ registrant, administrator, technical, and billing contact information (also known as your Whois information) updated at all times. Also, ensure that your domain registration is locked which prevents anyone from transferring your account or modifying it in any way (DNS modification, renewals, etc.) without your knowledge.
These three tips are meant to deal with website ransomware. Contact us if you are concerned about how to protect against other forms of ransomware.