CTB Locker targets websites along with computers
Gershwin | 10.05.2016 15:55
According to recent reports, the perpetrators have devised a variant of CTB Locker that compromises web pages. Most of the affected sites run WordPress, an open-source platform popular with webmasters. In the course of the attack, the infection replaces the target site's index.php with a malicious file of the same name. The ransomware then encrypts the website's data with AES-256, a symmetric cipher that is infeasible to brute-force; the only realistic recovery path without the key is a flaw in the attackers' own implementation.
The criminals set up a script that displays ransom instructions in place of the actual homepage. Site admins are allowed to decrypt two files for free; decrypting the rest costs 0.4 Bitcoin, about 200 USD at the time of writing. Given the growth of such attacks, webmasters running WordPress are strongly advised to keep the CMS, along with its plugins and themes, up to date so that their content does not end up encrypted this way. Regular backups of the website content, stored somewhere the web server itself cannot overwrite, remain the most reliable way to limit the damage.
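A replaced index.php of the kind described above is easy to catch if a hash baseline of the document root exists and is stored outside it. The script below is an added example, not code from the original article or from the WordPress project: it records a SHA-256 baseline of every file under a web root, then reports files that were modified, added or removed. The directory layout, file contents and the simulated "attack" in demo() are constructed for the demonstration; on a real host, point WEBROOT at the site's document root and keep the baseline file off the server.

```python
"""Baseline-and-verify file integrity check for a web root (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large uploads do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(webroot: Path) -> dict:
    """Map each file's path (relative to webroot, POSIX separators) to its digest."""
    return {
        p.relative_to(webroot).as_posix(): file_sha256(p)
        for p in sorted(webroot.rglob("*"))
        if p.is_file()
    }


def verify(webroot: Path, baseline: dict) -> dict:
    """Compare the live tree with a stored baseline.

    A swapped index.php shows up under "modified", a dropped PHP file under
    "added", and originals renamed or destroyed during encryption under "removed".
    """
    current = build_baseline(webroot)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    # Keep the baseline OUTSIDE the web root (ideally off the host): an attacker who
    # can rewrite index.php could otherwise rewrite the baseline as well.
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: a clean WordPress-like tree, then index.php replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "public_html"  # constructed stand-in for the real WEBROOT
        (webroot / "wp-content" / "uploads").mkdir(parents=True)
        (webroot / "index.php").write_text("<?php require __DIR__ . '/wp-blog-header.php';\n")
        (webroot / "wp-blog-header.php").write_text("<?php // constructed placeholder\n")
        (webroot / "wp-content" / "uploads" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n")

        baseline_file = Path(tmp) / "baseline.json"  # outside the web root
        save_baseline(build_baseline(webroot), baseline_file)
        clean = verify(webroot, load_baseline(baseline_file))

        # Simulate the attack from the article: index.php replaced by a namesake that
        # renders a ransom note, a dropped helper script, and an original file gone.
        (webroot / "index.php").write_text("<?php echo 'Your files are encrypted'; // constructed\n")
        (webroot / "wp-content" / "uploads" / "dropper.php").write_text("<?php // constructed\n")
        (webroot / "wp-content" / "uploads" / "logo.png").unlink()
        after_attack = verify(webroot, load_baseline(baseline_file))

        return {"clean": clean, "after_attack": after_attack}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the verification from cron or a deploy hook and alert on any non-empty list; legitimate updates will also trigger it, so re-baseline right after each intentional change. WP-CLI's `wp core verify-checksums` performs a similar comparison for core files against the hashes WordPress.org publishes, but it does not cover themes, plugins or uploads, which a whole-tree baseline like this one does.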
The Windows version of CTB Locker, in its turn, is mutating as well. The newer editions are signed with a stolen digital certificate. A valid signature helps the ransomware slip past reputation-based checks in antivirus suites and lends the offending program an air of legitimacy. All in all, this crypto malware poses a serious challenge to users, who are largely helpless unless they keep backups outside the computer. Beyond that, CTB Locker victims can try restoring files from Volume Shadow Copies, provided the infection has not wiped them, and can give dedicated file-recovery tools a shot. More info: http://bravoteam.it/guide/ctb-locker