We are getting reports on KimcilWare ransomware targeting Magento websites. According to BleepingComputer, hackers use unspecified vulnerabilities Magento e-commerce platform to install ransomware named KimcilWare. After successful installation hackers encrypt website files and demand ransom from $140 USD up to $415 for decryption.
Attack vector is currently unknown, so Magento users should stay alarmed just in case. There is about 10 known cases of successful ransomware attack. It is possible, that attackers use vulnerability in Magento extensions or gain access to the website using other vulnerabilities or security misconfigurations in server software.