CTB-Locker ransomware encrypts WordPress sites and holds them hostage


A new strain of ransomware known as CTB-Locker has sprung up online, and it encrypts websites instead of users' computers. To date, more than 100 sites have been affected.

The ransomware, also referred to as Critroni, works in much the same way as traditional ransomware, in that it encrypts a user's files and demands a fee in bitcoin to decrypt and return the data. In the case of CTB-Locker, which is a PHP program, it instead targets a website.

The attacker will typically hack a website that's poorly secured and replace its index.php or index.html files with different files that lock the site's data with AES-256 encryption and display an alert message on the homepage demanding money, together with instructions on how to buy bitcoin.

“Decryption secret is saved on the secret Internet server and no-one can decrypt your files before you pay and acquire the decryption key,” states the message. It demands 0.4 bitcoin to return the website to its original condition.



This latest iteration of ransomware was discovered by BleepingComputer's Lawrence Abrams. He found that CTB-Locker even has a live chat function, so that you can actually message the hacker about paying the ransom, and that this form of the ransomware has been signed with stolen certificates.


Abrams points out in the report that, as usual, the only way to restore your files other than paying up is from a backup.

It appears that about a hundred sites have been infected with CTB-Locker. A Pastebin document has been created that lists most of the websites that have been compromised. No major, big-name sites are included.

If you are a website owner who's worried about this, check to make sure that you're using the latest version of WordPress. Most of the sites targeted so far were poorly managed and used outdated versions or had installed vulnerable plug-ins.

CTB-Locker looks like a fairly specialized experiment by its author and it may not be a huge threat any time soon. However, it's the latest mutation of ransomware. We've seen several cases of infections coming up over the last couple of days, with companies and organizations like hospitals and school districts getting infected and paying the ransom.


Hollywood hospital pays $17,000 to ransomware hackers. Lesson to be learned: back up everything!

CTB-Locker Resources


Back up your WordPress sites with WP Duplicator or WP Clone; just make sure you save the backups on a thumb drive or in your Dropbox/cloud storage account. This ransomware will encrypt all your files, including your backups, if you leave them on the web server.
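Two points from this article can be checked by a site owner: the attack replaces index.php or index.html, and backups left on the web server are encrypted along with everything else. The Python below is an added example, not code from the article or from any tool it mentions; the backup file extensions, the function names and the sample site built in demo() are assumptions.

```python
import hashlib
import os
import tempfile

ENTRY_FILES = ("index.php", "index.html")  # the files the article says get replaced
BACKUP_EXTS = (".zip", ".tar", ".tar.gz", ".tgz", ".sql")  # assumed backup file types

def walk(web_root):
    """Yield (relative_path, full_path) for every file under web_root."""
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, web_root), full

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(web_root):
    """Hash each entry file. Run on a known-good site and keep the result off-server."""
    return {rel: sha256_file(full) for rel, full in walk(web_root)
            if os.path.basename(rel) in ENTRY_FILES}

def audit(web_root, baseline):
    """Compare entry files with the baseline and list backups left on the server."""
    current = snapshot(web_root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
        "backups_on_server": sorted(rel for rel, _ in walk(web_root)
                                    if rel.lower().endswith(BACKUP_EXTS)),
    }

def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as f:
        f.write(data)

def demo():
    """Constructed site in a temp directory: take a baseline, then change entry files."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content"))
        _write(root, "index.php", b"<?php // original front page")
        _write(root, os.path.join("wp-content", "site-backup.zip"), b"constructed")
        baseline = snapshot(root)
        _write(root, "index.php", b"<?php // unexpected content")  # entry file replaced
        _write(root, "index.html", b"<html>unexpected</html>")     # entry file newly added
        return audit(root, baseline)
```

Any entry under "modified" or "new" that does not match a deliberate site update deserves investigation, and anything under "backups_on_server" should be moved to offline or cloud storage.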
