Ransomware is known as malware that hacks and locks a computer and demands money to unblock it. Now this kind of malware has moved to the Internet following a spate of attacks crippling websites by changing the encryption keys required to keep a site running.

The security companies pointed at new attacks, dubbed “RansomWeb”, where hackers break into the site, take control of a website’s encryption system used for securing or backing up information, and change the encryption keys. In other words, it can be compared to burglars breaking into a house, changing all the locks and making it impossible for the owners to get back in. After the encryption key is changed, the site is rendered inoperable, because it can’t access essential data or code anymore.

The security experts admitted they were facing a new emerging threat for sites that may outshine defacements and DDoS attacks. These new ransom attacks might have caused unrepairable damage, while being quite difficult to prevent.

A couple months ago, some company was reportedly held to ransom after a critical online app was taken offline via the attack. The hackers had broken into the servers that ran the web app 6 months prior, waiting until some essential data had been encrypted and the security key stored on a protected remote server. Once this happened, the hackers removed the key from the server, breaking the application, and sent a ransom demand to the victim to decrypt the important data and restore the service.

Unfortunately, today hackers rarely attack websites for glory or fun ¬– now they are seeking for financial profit. The victims may expect web blackmailing, racket and chantage. The hackers also have a great opportunity to profit from exploiting negligent website administrators. The ransom attacks are difficult to prevent because most of the web apps are very complex and their state is constantly changing. In fact, the only way to detect such attempts would be to constantly track the file changes within the code and databases. Nowadays, there are tens of millions of vulnerable web apps with essential data out there. Of course, hackers won’t miss such a great opportunity.

In fact, “ransomware” attacks are not an entirely new phenomenon. Hackers have been targeting people and businesses for a while now, often via emails. Back in 2013, the National Crime Agency warned about a series of emails claiming to come from banks and financial institutions, which contained malware that could encrypt a user’s hard drive and hold it for a ransom. Then Cryptolocker came in the middle of 2014, which was giving people targeted by the ransomware a 14-days window to clean the malware from their systems.

Security experts admit that the ransomware targeting the website was not really unexpected. They pointed out that it was just a matter of time, because more and more important corporate data is nw stored in the cloud.