Decription: Recently Magento team had publiched the announce that some Magento sites got encrypted all the files on the server and asked for Bitcoins to unlock. The reports found the affected sites had malicious code (generic tool) installed under /skin.
Affected versions: All
- Magento merchants are strongly advised to follow BEST PRACTICES to ensure the security of their sites.
- Apply all patches to prevent unauthorized access, then check for and delete any admin accounts that are not recognized and authorized for system access.
- Review all files and admin accounts for compromised files.
- Use MAGEREPORT.COM to detect this vulnerability in some cases.