Saturday, November 5, 2016

Indonesian Malware Targets Magento-based Online Stores

A member of an Indonesian hacking group has authored ransomware that attacks Magento based online stores.  This ransomware has been used in ransom schemes to control Content Management Service (CMS) type applications until ransom is paid to unlock.  The scheme has been successful in that companies who conduct on-line businesses need an immediate remedy to continue their sales; thus, pay the ransom.  This information is being provided for your situational awareness.

  • Indonesian based malware development and hacking group.
  • Currently developing and using ransomware in criminal schemes for profit.

Publication date:                            3 November 2016
Handling requirements:                Traffic light protocol (TLP) GREEN
Attribution/Threat Actors:            Indonesian hacking group
Actor Type:                                     Adversary capabilities have been assessed as Tier III*
Potential Targets:                           CMS / Magento operating businesses
Past Reporting:                              DOC-4412, Msg 7942

*Practitioners who focus on the discovery and use of unknown malicious code, are adept at installing user and kernel mode root kits10, frequently use data mining tools, target corporate executives and key users (government and industry) for the purpose of stealing personal and corporate data with the expressed purpose of selling the information to other criminal elements.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.