WordPress Held for Ransom; Ransomware Variant Strikes Hard
29 February 2016 saw the emergence of a new ransomware variant that targeted a large number of supposedly random WordPress websites, encrypting their data and then demanding a ransom of half a bitcoin to release the files.
The ransomware, dubbed ‘CTB-Locker’, is a variant of computer malware that encrypts files by replacing the index.php file. The ransomware author hacks a poorly secured website and replaces the existing index.php or index.html files with versions that display a ransom demand instead. Once the content is encrypted, the ransom note is displayed to anyone visiting the site. According to PC World, since the identification of the ransomware on 12th February 2016, a total of 102 websites have been affected. This is not a fixed figure, as more cases are being reported every day, and there has been no way of dealing with the ransomware save for paying the ransom.
Apart from encrypting entire websites, the ransomware adds a chat room support feature to the main pages of affected sites, where verified victims can exchange messages with the ransomware authors. Two separately encrypted files are also made available for victims to decrypt for free, possibly in a bid by the attackers to demonstrate the legitimacy of the ransom demand.
The ransomware was discovered by researchers Benkow Wokned and Tomas Meskauskas and is rumored to have affected hundreds of websites, probably through point-and-click tools that were distributed to users for free. Notably, a majority of the websites affected by the CTB-Locker malware have serious security lapses, such as running versions of WordPress that are out of date or poorly configured, or running plugins with security holes. While there is no way of combating the malware at this point, users should take it upon themselves to create the necessary backups of their work and ensure their websites are properly patched, with the proper security protocols in place. Efforts like these are sure to make the work of such malicious hackers a lot more complicated and your websites a whole lot safer.
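As an added example (not from the original article or the researchers it cites), here is a minimal file-integrity check for the behaviour described above, where index.php or index.html is replaced and site content is altered. The sample site layout, file contents and function names are constructed for illustration, and the code assumes the baseline is kept somewhere other than the web server.

```python
import hashlib
import os
import tempfile

ENTRY_POINTS = {"index.php", "index.html"}  # files the article says get replaced

def snapshot(webroot):
    """Map each file path (relative to webroot) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, webroot)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report changes since the baseline, calling out entry-point files."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    entry = [p for p in modified + missing if os.path.basename(p) in ENTRY_POINTS]
    # A high ratio means most known files changed at once, as in mass encryption.
    ratio = (len(modified) + len(missing)) / max(len(baseline), 1)
    return {"modified": modified, "missing": missing, "added": added,
            "entry_point_changed": entry, "changed_ratio": ratio}

def demo():
    """Constructed sample site: take a baseline, simulate the change, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "wp-content"))
        files = {"index.php": b"<?php require 'wp-blog-header.php';",
                 os.path.join("wp-content", "post.txt"): b"original post body"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # assumption: stored off the web server
        # Simulate the described outcome: entry point replaced, content unreadable.
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<html>placeholder replacement page</html>")
        with open(os.path.join(root, "wp-content", "post.txt"), "wb") as fh:
            fh.write(b"\x00\x01 unreadable bytes")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against a baseline taken after each legitimate deployment, a changed entry point combined with a high `changed_ratio` is the signal to restore from backup.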