Ransomware is a type of malware that restricts access to the computer system it infects and demands that the user pay a ransom to the malware's operators to remove the restriction. Some variants systematically encrypt files on the system’s hard drive using a large key that may be technologically infeasible to break without paying the ransom, while others simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a trojan whose payload is disguised as a seemingly legitimate file.
Why are Magento stores under threat?
Magento is a very popular ecommerce development framework for online stores and accounts for almost 30% of all ecommerce stores. Many of these stores are established businesses generating millions every month. These websites are easy targets because they are sensitive about their reputation and would move to resolve an incident much more quickly than other business websites. Magento, like any other application, needs security precautions to keep it safe from hackers.
What should you do to protect your Magento store from ransomware attacks?
- Apply every Magento security patch as it is released, so that known vulnerabilities in the Magento code are fixed.
- Always use strong passwords that combine numbers, letters and special characters. Keep a policy of changing passwords at regular intervals.
- Ensure that your files and directories have proper, safe ownership and permissions so that hackers cannot exploit them.
- Change your Magento Admin panel URL to a non-standard URL. It should not be /admin.
- Change the default Magento admin username to a non-generic one. It should not be admin.
- Take regular offsite backups of your files as well as databases.
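
The permission and admin URL items in the checklist above can be checked with a small audit script. This is an added example, not code from the original page or from Magento; it assumes a Magento 2 layout in which `app/etc/env.php` sets the admin `frontName`, and `audit_store` and `build_sample_store` are hypothetical helper names.

```python
import os
import re
import stat
import tempfile

# Assumption: Magento 2 layout, where app/etc/env.php sets 'backend' => ['frontName' => ...].
FRONTNAME_RE = re.compile(r"'frontName'\s*=>\s*'([^']*)'")

def audit_store(root):
    """Return sorted (check, detail) findings for the store installed at root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            # Symlink modes are not meaningful; flag anything writable by "other".
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                findings.append(("world-writable", os.path.relpath(path, root)))
    env = os.path.join(root, "app", "etc", "env.php")
    if os.path.isfile(env):
        # env.php holds database credentials, so "other" should not read it.
        if os.stat(env).st_mode & stat.S_IROTH:
            findings.append(("env.php world-readable", os.path.relpath(env, root)))
        with open(env, encoding="utf-8", errors="replace") as fh:
            match = FRONTNAME_RE.search(fh.read())
        if match and match.group(1).lower() == "admin":
            findings.append(("default admin URL", "/" + match.group(1)))
    return sorted(findings)

def build_sample_store(root, front_name="admin", env_mode=0o640):
    """Create a small constructed store tree, used only to demonstrate the audit."""
    etc = os.path.join(root, "app", "etc")
    media = os.path.join(root, "pub", "media")
    os.makedirs(etc)
    os.makedirs(media)
    for directory in (os.path.dirname(etc), etc, os.path.dirname(media)):
        os.chmod(directory, 0o755)
    env = os.path.join(etc, "env.php")
    with open(env, "w", encoding="utf-8") as fh:
        fh.write("<?php\nreturn ['backend' => ['frontName' => '%s']];\n" % front_name)
    os.chmod(env, env_mode)
    os.chmod(media, 0o777)  # deliberately unsafe, so the audit has something to report
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for check, detail in audit_store(build_sample_store(tmp)):
            print(f"{check}: {detail}")
```

Point `audit_store` at the real store root to run the same checks on a live installation; the admin username check is not covered because usernames live in the database.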