Skip to main content
  1. Home
  2. Computing
  3. News

CTB-Locker ransomware encrypts WordPress sites and holds them hostage

Jonathan Keane
By

hacking, computing
CreativeCommons
A fresh strain of ransomware called CTB-Locker has popped up online, and it encrypts WordPress websites rather than users’ computers. So far more than 100 sites have been affected.

The ransomware, also known as Critroni, operates more or less in the same way as traditional ransomware when it encrypts a user’s files and demands fee in bitcoin to decrypt and return the data. In the case of CTB-Locker, which is a PHP program, it instead targets a website.

The culprit will usually hack a website that is poorly secured and replace its index.php or index.html files with different files that encrypt the site’s data with AES-256 encryption, and will also display a warning message on the homepage demanding money along with instructions on how to buy bitcoin.

Related

“Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key,” says the message. It demands .4 bitcoin to return the website to working order.

ctb-locker

This latest iteration of ransomware was discovered by BleepingComputer’s Lawrence Abrams. He found that the CTB-Locker even comes with a live chat function, so you can actually message the hacker about paying the ransom, and this version of the ransomware has been signed with stolen certificates.

Abrams points out in his report that, as per usual, the only way to restore your files other than paying up is to use a back-up.

It appears that there are about a hundred sites infected with CTB-Locker. A Pastebin document has been created that lists many of the sites that appear to have been compromised. No major, big name sites are included.

If you’re a website owner who is concerned about this, you should check to make sure that you’re using the latest version of WordPress. Most of the sites targeted so far were poorly managed and used outdated versions or had installed vulnerable plug-ins.

CTB-Locker looks like a pretty specialized experiment from the author and it may not be a massive threat in the near future. However, it is the latest mutation of ransomware. We’ve seen several cases of infections coming up over the last few weeks with businesses and organizations like hospitals and school districts getting infected and paying the ransom.

Editors' Recommendations

Topics
The best ChatGPT alternatives (according to ChatGPT)
Close up of ChatGPT and OpenAI logo.
This huge password manager exploit may never get fixed
A large monitor displaying a security hacking breach warning.
Ranking all 12 versions of Windows, from worst to best
Windows 7 desktop.
Microsoft Word vs. Google Docs
A person using a laptop that displays various Microsoft Office apps.
An AI-generated TV channel is mimicking ’90s sitcoms to nightmarish effect
Larry from "Nothing Forever" the "Seinfeld" AI parody.
LastPass vs. 1Password: should you switch?
florida court phone passwords android lock screen password
How to overclock Intel’s Arc GPUs for better performance
The Arc A770 graphics card running in a PC.
I asked AI to recreate the best Super Bowl commercials — to hilarious and horrifying effect
ask ai recreate best super bowl commercials featured image
Samsung’s crazy rotating 4K gaming monitor is $700 off today
Samsung Odyssey Ark in cockpit mode.
Best Lenovo Laptop Deals: Save up to $2,287 today
Lenovo Yoga 9i 14 Gen 7 laptop sits on a small desk.
Apple may abandon the Mac Studio just 12 months after it launched
A person works at a station equipped with the all new Mac Studio and Studio Display.
HP 72 Hour Flash Sale: The 6 best laptop deals, from $250
HP Spectre x360 13.5 front angled view showing display and keyboard deck.
Samsung’s first QD-OLED gaming monitor might be dead on arrival
The Samsung Odyssey OLED G8 was announced at IFA on Wednesday in Berlin, Germany.