{"id":5810,"date":"2016-03-17T06:41:48","date_gmt":"2016-03-17T10:41:48","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/?p=5810"},"modified":"2020-02-26T20:28:58","modified_gmt":"2020-02-26T14:58:58","slug":"ctb-locker-ransomware-infects-70-web-servers","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/ctb-locker-ransomware-infects-70-web-servers\/5810\/","title":{"rendered":"CTB-Locker ransomware infects 70 web servers"},"content":{"rendered":"<div class=\"entry-content\">\n<div>\n<p>Similar to other successful business sharks, cybercriminals are in constant search of new markets. They carry out experiments, change target audiences and provide feedback to the victims \u2014 all to get their hands on some more easy money. This is exactly what we observed in the latest version of <a href=\"https:\/\/www.kaspersky.com\/blog\/new-version-ctb-locker\/7310\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CTB-Locker<\/a>.<\/p>\n<p>This ransomware family has been rather smart in the past: for example, it utilized the Tor Project anonymity network to shield itself from security experts, and accepted only almost untraceable Bitcoin payments.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The best line of <a href=\"https:\/\/twitter.com\/hashtag\/defense?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#defense<\/a> against any <a href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ransomware<\/a> is to have backed up your machines yesterday. 
<a href=\"https:\/\/t.co\/cpcBqX1Qy2\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/cpcBqX1Qy2<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/560984613708136448?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Now comes news that is good for home users and bad for companies: the newest CTB-Locker targets web servers only. While traditional ransomware encrypts user files, this one encrypts data hosted on the server web root. Without these files a website doesn\u2019t exist. The criminals demand $150 (or exactly 0.4 bitcoin) as ransom. If a victim doesn\u2019t pay in time, the price doubles.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2016\/03\/05085309\/ctb_locker_en_1.png\" alt=\"\"><\/p>\n<p>The culprits also replace the main page of a hacked website with a message explaining in detail what has happened, and when and how the money must be transferred. 
They helpfully add a video manual for those who don\u2019t know how to buy bitcoins and offer to decrypt two random files to prove their \u201chonesty.\u201d A victim can even chat with the attackers using a special code that is available for victims only.<\/p>\n<p>As far as we know, the new CTB-Locker has already encrypted data on more than <a href=\"https:\/\/securelist.com\/blog\/research\/73989\/ctb-locker-is-back-the-web-server-edition\/\" target=\"_blank\" rel=\"noopener noreferrer\">70 servers<\/a> located in 10 countries; the most affected is the USA, which is not surprising.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/36\/2016\/03\/05085307\/ctb_locker_en_123.png\" alt=\"\"><\/p>\n<p>CTB-Locker ransomware is truly a scourge of the Internet as there is still no decryption tool that could help victims. The only way to get infected files back quickly is to pay the ransom.<\/p>\n<p>We still don\u2019t know exactly how CTB-Locker is being deployed on web servers, but we do observe one common thing: a great number of victims use the WordPress platform. 
That\u2019s why we strongly recommend that you:<\/p>\n<ul>\n<li>update WordPress regularly, as outdated versions usually contain a number of vulnerabilities;<\/li>\n<li>be very careful with third-party plugins: these add-ons can be very useful, but only when they are created by reliable developers;<\/li>\n<li>back up all important data;<\/li>\n<li>be cautious about <a href=\"https:\/\/www.kaspersky.com\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">phishing emails<\/a>;<\/li>\n<li>don\u2019t trust \u201ctoo good to be true\u201d ads that appear online and encourage you to install third-party software for any purpose (for example, for web analytics).<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">10 tips to protect your files from ransomware <a href=\"https:\/\/t.co\/o0IpUU9CHb\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/o0IpUU9CHb<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/iteducation?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#iteducation<\/a> <a href=\"https:\/\/t.co\/I47sPIiWFF\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/I47sPIiWFF<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/671348678607642624?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Though this particular version of the ransomware targets only websites, there are <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">a lot of other cryptors<\/a> which target your personal files. 
For home users we advise installing a reliable <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_KDpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;_ga=1.68192472.838268831.1450706896\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">security solution<\/a>, making backups on a regular basis and avoiding phishing as nowadays it\u2019s the most popular delivery option for all sorts of malicious programs including ransomware.<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Similar to other successful business sharks, cybercriminals are in constant search of new markets. They carry out experiments, change target audiences and provide feedback to the victims \u2014 all to<\/p>\n","protected":false},"author":522,"featured_media":5811,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2196],"tags":[1059,93,36,443],"class_list":{"0":"post-5810","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-ctb-locker","10":"tag-cybercriminals","11":"tag-malware-2","12":"tag-ransomware"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ctb-locker-ransomware-infects-70-web-servers\/5810\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ctb-locker-ransomware-infects-70-web-servers\/6873\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/ctb-locker-ransomware-infects-70-web-servers\/6103\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/ctb-locker-ransomware-infects-70-web-servers\/4048\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/ctb-locker\/","name":"CTB-Locker"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/5810","targetHints":{"allow":["GET"
]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=5810"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/5810\/revisions"}],"predecessor-version":[{"id":19341,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/5810\/revisions\/19341"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/5811"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=5810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=5810"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=5810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}