We have all become accustomed to hearing about ransomware infecting personal computers, encrypting all of the content and demanding a ransom before releasing the data back to the victim. Of late, a different kind of ransomware has been stealing the limelight: a PHP-based ransomware called CTB-Locker.
This particular ransomware is designed to attack web servers. Therefore, any website is potentially at risk of being exploited.
Because this ransomware is written in PHP, it runs like any other PHP script: the server executes the script before any web page is sent out. The ransomware will replace the existing index.php or index.html file with a version that displays a ransom demand. This poses a huge threat: if the attackers are able to modify the index.php file, they can essentially reign over the entire website.
This ransomware simply emphasises the need for webmasters to implement security:
- Implement two-factor authentication.
- Apply the most up-to-date patches to applications system-wide.
- Review all user access and file permission rights.
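One way to act on the permission review and to notice a replaced index.php or index.html, as an added example that is not part of the original article: it records SHA-256 baselines of the index files under a web root, then reports changed, missing or new index files and any world-writable paths. The function names, the choice of SHA-256 and the world-writable check are assumptions of this example.

```python
import hashlib
import os
import stat

INDEX_NAMES = {"index.php", "index.html"}  # entry points the article says get replaced


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(web_root):
    """Build a baseline: relative path -> SHA-256 for every index file."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if name in INDEX_NAMES:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, web_root)] = sha256_file(full)
    return baseline


def audit(web_root, baseline):
    """Return (changed, missing, added, world_writable) lists of relative paths."""
    current = snapshot(web_root)
    changed = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    writable = []
    for dirpath, dirs, files in os.walk(web_root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode  # lstat: do not follow symlinks
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                writable.append(os.path.relpath(full, web_root))
    return changed, missing, added, sorted(writable)
```

Take the snapshot from a known-good deployment and keep it off the web server, so that whoever can rewrite index.php cannot also rewrite the baseline.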
CTB-Locker for Websites allows the victim to perform a test decryption of two prechosen files for free.