A new ransomware called KimcilWare has been discovered that appears to be targeting web sites using the Magento eCommerce solution. It is currently unknown how these sites are being compromised, but victims will have their web site files encrypted using a Rijndael block cipher and then ransomed for anywhere between $140 USD and $415 USD depending on the variant that infected them. Unfortunately, at this time there is no way to decrypt the data for free.

KimcilWare was first spotted when a security researcher going by the Twitter handle malwareforme had posted about a new Windows ransomware. This ransomware was a Hidden Tear variant that was broken due to SSL connectivity issues with their Command & Control server. The ransom note, though, contained the email address tuyuljahat@hotmail.com, which security researcher MalwareHunterTeam discovered also appeared on a web site that appeared to be infected with a ransomware called KimcilWare.

dst,dst,dst....

http://www.bleepingcomputer.com/news/security/the-kimcilware-ransomware-targets-web-sites-running-the-magento-platform/

KimcilWare

tuyuljahat@hotmail.com

Akhirnya, Indon punya ransomware juga....