CTB-Locker ransomware encrypts WordPress sites and holds them hostage

A fresh strain of ransomware called CTB-Locker has popped up online, and it encrypts WordPress websites rather than users’ computers. So far more than 100 sites have been affected.

The ransomware, also known as Critroni, operates in more or less the same way as traditional ransomware, which encrypts a user’s files and demands a fee in bitcoin to decrypt and return the data. CTB-Locker, which in this case is a PHP program, instead targets a website.

The culprit will usually hack a website that is poorly secured and replace its index.php or index.html files with different files that encrypt the site’s data with AES-256 encryption, and will also display a warning message on the homepage demanding money along with instructions on how to buy bitcoin.

“Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key,” says the message. It demands 0.4 bitcoin to return the website to working order.

This latest iteration of ransomware was discovered by BleepingComputer’s Lawrence Abrams. He found that CTB-Locker even comes with a live chat function, so you can actually message the hacker about paying the ransom. This version of the ransomware has also been signed with stolen certificates.

Abrams points out in his report that, as per usual, the only way to restore your files other than paying up is to use a backup.

It appears that there are about a hundred sites infected with CTB-Locker. A Pastebin document has been created that lists many of the sites that appear to have been compromised. No major, big-name sites are included.

If you’re a website owner who is concerned about this, you should check to make sure that you’re using the latest version of WordPress. Most of the sites targeted so far were poorly managed and used outdated versions or had installed vulnerable plug-ins.
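Alongside keeping WordPress and its plug-ins up to date, a site owner can detect the replacement of index.php or index.html described above by comparing those files against a known-good set of hashes. The following is an added example, not code from the article or from Abrams’ report; the function names, the file list and the sample site contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Entry-point files the article says the attacker replaces (assumed list).
ENTRY_FILES = ("index.php", "index.html")

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def snapshot(webroot, names=ENTRY_FILES):
    """Hash each named file that exists under webroot."""
    found = {}
    for name in names:
        path = os.path.join(webroot, name)
        if os.path.isfile(path):
            found[name] = sha256_file(path)
    return found

def compare(baseline, webroot):
    """Report entry files that changed, vanished or appeared since baseline."""
    names = set(baseline) | set(ENTRY_FILES)
    current = snapshot(webroot, names)
    findings = []
    for name in sorted(names):
        if name in baseline and name not in current:
            findings.append((name, "missing"))
        elif name not in baseline and name in current:
            findings.append((name, "added"))
        elif name in baseline and baseline[name] != current[name]:
            findings.append((name, "modified"))
    return findings

def demo():
    """Constructed site: take a baseline, then simulate the replacement."""
    with tempfile.TemporaryDirectory() as root:
        index_php = os.path.join(root, "index.php")
        with open(index_php, "w") as fh:
            fh.write("<?php require __DIR__ . '/wp-blog-header.php';\n")
        baseline = snapshot(root)  # in practice, store this off the web server
        before = compare(baseline, root)
        with open(index_php, "w") as fh:
            fh.write("<?php /* constructed stand-in for a replaced file */\n")
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<html>constructed placeholder</html>\n")
        return before, compare(baseline, root)

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is kept somewhere an intruder on the web server cannot rewrite it, and it has to be refreshed after every legitimate WordPress update.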

CTB-Locker looks like a pretty specialized experiment from the author and it may not be a massive threat in the near future. However, it is the latest mutation of ransomware. We’ve seen several cases of infections coming up over the last few weeks with businesses and organizations like hospitals and school districts getting infected and paying the ransom.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…