Ransomware attacks are on the increase, as reported previously*, but it seems that the threat of a DDoS attack is not the only extortion muscle being employed.


High-Tech Bridge has published details of two breach investigations it conducted recently, which exposed an intricate cyber-extortion racket it has dubbed RansomWeb.

The anatomy of the breach is that a client’s web application is compromised and quietly modified so that, over a prolonged period of several months, the data it writes to its database is encrypted using a key that the hacker controls.

Everything continues to work normally until the hacker suddenly removes access to the encryption key. At this point the data stored with the hacker’s key is no longer readable (it has been encrypted!), and because this has been going on for several months, restoring a backup that pre-dates the hack is operationally unviable: too much data would be lost. That is when the ransom demand arrives.

Stop the breach or Spot the Breach?

In terms of defending against such an attack, the likely attack vector was stolen or hijacked FTP credentials. A password policy that aligns with security best practice is critical for these most sensitive credentials: regular ageing with stringent re-use restrictions, coupled with complexity and length requirements, is the minimum. Consider also tighter restrictions on access: allow only internal access to the website filesystem, confined to a minimal range of devices/IP addresses. A jump server adds a further layer of control, and key-based authentication (as SFTP/SSH supports, rather than a password alone) lets private keys ‘fingerprint’ access to only authorised devices.

The second defence that High-Tech Bridge recommends is file integrity monitoring (FIM). Their summary regarding FIM and RansomWeb is:

“Can be easily detected by a file integrity monitor (however, very few companies do file integrity monitoring for web applications that may change every day)”

This is where NNT’s innovations in File Integrity Monitoring for web applications offer a significant advantage over basic file integrity monitoring tools. By providing highly flexible and precise rules for both inclusions and exclusions, NNT FIM alerts only when critical system and configuration files change, not when routine content is added. Even then, Change Tracker’s Closed-Loop Intelligent Change Control technology automatically distinguishes between planned changes (those matching an approved release) and unplanned changes, so only the unexpected ones demand attention.

This makes NNT Change Tracker a perfect breach detection system for web applications, even where the application is being regularly changed.
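The following script is an added illustration of the detection logic described above, written for this page; it is not NNT Change Tracker’s code nor anything from the High-Tech Bridge report. It baselines the SHA-256 of every file in a web root that matches the include rules and none of the exclude rules, diffs a later snapshot against that baseline, and then classifies each change as planned (its new hash appears in an approved release manifest) or unplanned. The web root, file names, rules and the tampered `includes/db.php` are all constructed for the demonstration; the `approved` manifest stands in for whatever a deployment pipeline would publish.

```python
import fnmatch
import hashlib
import os
import tempfile

# Constructed rules: track application code and configuration only, and
# ignore directories whose contents legitimately change every day.
INCLUDE = ["*.php", "*.ini", "*.conf", ".htaccess"]
EXCLUDE = ["uploads/*", "cache/*", "logs/*"]


def should_monitor(relpath, include=INCLUDE, exclude=EXCLUDE):
    """A file is monitored if it matches an include pattern and no exclude pattern."""
    relpath = relpath.replace(os.sep, "/")
    if any(fnmatch.fnmatch(relpath, pat) for pat in exclude):
        return False
    name = relpath.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatch(name, pat) for pat in include)


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each monitored file (path relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if should_monitor(rel):
                result[rel] = sha256_file(full)
    return result


def diff_snapshots(baseline, current):
    """Return {path: (old_hash, new_hash)}; None stands for 'file absent'."""
    changes = {}
    for path in set(baseline) | set(current):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            changes[path] = (old, new)
    return changes


def classify(changes, approved):
    """Planned = new hash equals the approved manifest entry for that path;
    everything else (including additions and deletions) is unplanned."""
    planned, unplanned = {}, {}
    for path, (old, new) in changes.items():
        if approved.get(path) == new:
            planned[path] = (old, new)
        else:
            unplanned[path] = (old, new)
    return planned, unplanned


def _write(root, rel, content):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(content)


def demo():
    """Constructed scenario: a planned release updates index.php while an
    intruder with FTP access wraps the database layer in encryption."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php echo 'v1'; ?>")
        _write(root, "config.php", "<?php $db = 'prod'; ?>")
        _write(root, "includes/db.php", "<?php function save($row) { insert($row); } ?>")
        _write(root, "uploads/photo.jpg", "binary")              # excluded: user content
        _write(root, "cache/page.html", "<html>cached</html>")   # excluded: volatile
        baseline = snapshot(root)

        # Planned change: the release pipeline publishes the expected hash.
        new_index = "<?php echo 'v2'; ?>"
        approved = {"index.php": hashlib.sha256(new_index.encode()).hexdigest()}
        _write(root, "index.php", new_index)

        # Unplanned change: RansomWeb-style hook encrypting rows with a key
        # fetched from a server the attacker controls (hypothetical function).
        _write(root, "includes/db.php",
               "<?php function save($row) { insert(encrypt($row, fetch_remote_key())); } ?>")

        # Daily noise that a naive FIM would alert on; the rules ignore it.
        _write(root, "uploads/photo2.jpg", "binary2")
        _write(root, "cache/page.html", "<html>regenerated</html>")

        changes = diff_snapshots(baseline, snapshot(root))
        planned, unplanned = classify(changes, approved)
        return sorted(planned), sorted(unplanned)


if __name__ == "__main__":
    print(demo())
```

Run stand-alone, `demo()` returns `(['index.php'], ['includes/db.php'])`: the release is recognised as planned, the two content-directory writes never reach the diff, and the only alert is the modified database include, which is exactly the file a RansomWeb intruder has to touch.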


To read more about NNT Change Tracker

To read more about RansomWeb – High-Tech Bridge forensic investigation

To read more about RansomWeb – The Register

*To read more about Will 2015 be the year of DDoS Extortion? New trojan out to attack Linux platforms

Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.