Skip to main content

Redis Database May Open Door To Ransomware Attack

By September 20, 2016May 25th, 2021Blog, Cybersecurity

redisxdatabaseAs you probably know by now, ransomware is a particularly insidious form of hacking attack whereby a target computer’s files are locked or held hostage in some way, and besides restoring from whatever backups you have, the only way to get the files back is to pay the ransom demanded by the hackers.

What you may not have heard is that there’s a new variant of this type of attack making the rounds on the internet. It’s an especially cruel variant for a couple of different reasons.

First, the software, known as FairWare, doesn’t target traditional ransomware targets like health care companies. Instead, it specifically targets web servers. It gains a foothold onto a web server, deletes all the web content that was once there, and leaves a ransom note in the form of a text file, providing the owner of the server and the content with payment instructions if they want to get their files back.

Unfortunately, the ransom note is likely a scam. Researchers investigating these attacks have found no evidence of file copying, meaning that the hackers have likely simply deleted the files. If you pay the money, you still won’t get your files back, meaning you’ll have to rely on your backups, if you have them, or rebuilt your website from scratch.

For some companies, this would be an annoyance, but a fairly trivial affair. For others, it could have business-ending consequences.

So far, the researchers have found that the attacks seem to be originating from corrupted Redis servers that have been exposed to the internet. Normally, these servers have no direct connection to the internet, but some 18,000 server owners have decided to expose them in recent years. Of those, more than 13,000 have been found to be corrupted, compounding the problem and making it extremely likely that we’ll see more attacks like this in the weeks ahead.

If you don’t have a good backup system in place to help protect the data on your company’s site, it’s long past time to do so. If you’re unsure, or not confident in your current ability to recover from an attack like this, call us today and one of our experts will be happy to speak with you to see how we can best be of service.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.