KimcilWare

One example of the KimcilWare variant.

Image Source: Bleeping Computer

KimcilWare targets websites using the Magento eCommerce platform. The exact method of compromise is currently unknown, but files located on the victimized web server are encrypted with Rijndael 256. Additional analysis reveals that KimCilWare opens up a backdoor into the server and allows attackers full control over the targeted website. This variant uses one of two scripts to encrypt the targeted files. One script changes the file extensions on all encrypted files to .kimcilware and the other script changes them to .locked. The first script demands a ransom of $140 USD and the second demands 1 Bitcoin.

  • Bleeping Computer provides more information about KimcilWare here.
     
  • Fortinet provides technical analysis on KimcilWare here.
     
  • The NJCCIC is not aware of any decryption tools available for KimcilWare.