CTB-Locker ransomware encrypts WordPress sites and holds them hostage

A fresh strain of ransomware called CTB-Locker has popped up online, and it encrypts WordPress websites rather than users’ computers. So far more than 100 sites have been affected.

The ransomware, also known as Critroni, operates in more or less the same way as traditional ransomware, which encrypts a user’s files and demands a fee in bitcoin to decrypt and return the data. CTB-Locker, which is a PHP program, instead targets a website.

The culprit will usually hack a website that is poorly secured and replace its index.php or index.html files with different files that encrypt the site’s data with AES-256 encryption, and will also display a warning message on the homepage demanding money along with instructions on how to buy bitcoin.

“Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key,” says the message. It demands .4 bitcoin to return the website to working order.

This latest iteration of ransomware was discovered by BleepingComputer’s Lawrence Abrams. He found that the CTB-Locker even comes with a live chat function, so you can actually message the hacker about paying the ransom, and this version of the ransomware has been signed with stolen certificates.

Abrams points out in his report that, as per usual, the only way to restore your files other than paying up is to use a backup.

It appears that there are about a hundred sites infected with CTB-Locker. A Pastebin document has been created that lists many of the sites that appear to have been compromised. No major, big-name sites are included.

If you’re a website owner who is concerned about this, you should check to make sure that you’re using the latest version of WordPress. Most of the sites targeted so far were poorly managed and used outdated versions or had installed vulnerable plug-ins.

CTB-Locker looks like a pretty specialized experiment from the author and it may not be a massive threat in the near future. However, it is the latest mutation of ransomware. We’ve seen several cases of infections coming up over the last few weeks with businesses and organizations like hospitals and school districts getting infected and paying the ransom.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…