Users of the Magento e-commerce platform are being targeted with a new ransomware called KimcilWare, according to Threatpost.

Attackers exploit a flaw in the widely used platform used for backend management and inject the KimcilWare ransomware on the web server. Once loaded, the perpetrators employ Rijndael block ciphers to encrypt website files and demand ransom, in the range of U.S. $140 to $415, for decryption.

The scourge was first detected by MalwareHunter Team on Feb. 11, but the team admits it is still unknown who is behind the attacks, though they speculate it is associated with the open-source ransomware sample called Hidden Tear, released in August 2015 by a Turkish security researcher. MalwareHunter also detected the attackers gaining access to targeted servers via web shells, small scripts attackers can install on vulnerable servers, which then can be enlisted to run system commands via a web-based interface.

Correction: An earlier version of this story cited Kaspersky as the firm that detected the issue, when it fact it was MalwareHunter Team.