Reinvented ransomware shifts from pwning PC to wrecking websites
A new ransomware variant appears to be ripping through WordPress sites encrypting data and demanding a payment of half a bitcoin to release files.
The website variant of CTB Locker is encrypting all files on WordPress-powered sites and replacing the index.php with a file that displays instructions for paying the ransom.
It even sports a chat room support feature where verified victims can exchange words with ransomware scum.
Researchers Benkow Wokned (@benkow_) and Tomas Meskauskas (@pcrisk) found the malware, warning it has likely infected hundreds of sites.
Victims can decrypt two separately-encrypted files for free in a bid by attackers to demonstrate the legitimacy of the ransom demand.
A means to decrypt files encrypted by the attack does not yet exist, meaning victims must pay if they want their files restored and do not have a backup.
Bleeping Computer blogger Lawrence Abrams suggests the new and burgeoning ransomware is targeting WordPress sites. Here are his thoughts on the matter:
Once the developer (attacker) has access to a site, they rename the existing index.php or index.html to original_index.php or original_index.html. They then upload a new index.php that was created by the developer that performs the encryption, decryption, and displays the ransom note for the hacked site. It should be noted that if the website does not utilize PHP, CTB-Locker for Websites will not be able to function.

A CTB Locker message left on a currently infected site.
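The rename described in the quote above leaves a checkable trace on disk: an original_index.php or original_index.html sitting next to a replacement index.php. The following is an added example, not code from the article or the researchers, that walks a web root looking for that pairing; the function names and the timestamp comparison are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import tempfile

# File names taken from the quoted description: the original index page is
# renamed to one of these and a new index.php is uploaded in its place.
RENAMED = ("original_index.php", "original_index.html")


def find_renamed_index(webroot):
    """Return a list of findings for directories that match the pattern."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        present = set(files)
        backups = [name for name in RENAMED if name in present]
        if not backups or "index.php" not in present:
            continue  # both halves of the pattern must be present
        index_mtime = os.path.getmtime(os.path.join(dirpath, "index.php"))
        for name in backups:
            backup_mtime = os.path.getmtime(os.path.join(dirpath, name))
            findings.append({
                "dir": dirpath,
                "renamed_file": name,
                # A rename keeps the old timestamp, so a newer index.php is
                # consistent with a replacement (heuristic, an assumption).
                "index_newer": index_mtime > backup_mtime,
            })
    return findings


def build_sample_tree(root):
    """Constructed sample data: one clean site, one matching the pattern."""
    for site, names in (("clean", ["index.php", "wp-config.php"]),
                        ("hit", ["index.php", "original_index.php"])):
        os.makedirs(os.path.join(root, site))
        for name in names:
            with open(os.path.join(root, site, name), "w") as fh:
                fh.write("<?php // constructed sample\n")
    # Make the renamed file older than the replacement index.php.
    os.utime(os.path.join(root, "hit", "original_index.php"), (1000, 1000))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in find_renamed_index(build_sample_tree(tmp)):
            print(f)
```

A match is a lead for manual review rather than proof of infection, since a site owner could have created a file with the same name.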
A random scattering of sites and businesses have been affected. One Milton Keynes, UK company which manufactures machinery for the healthcare and tobacco industries has been hit. Wokned has uploaded the ransomware source code to Kernelmode for other researchers to study.
Ransomware is regularly flayed by white hat malware researchers who hunt for cryptographic implementation flaws that allow decryption to occur without need of the key.
Those attacks are typically baked into point-and-click tools and distributed to users for free.
BitDefender destroyed one hopeless ransomware team's encryption dreams after it found and exploited design flaws in three variations of the Linux.Encoder ransomware.
That led a sarcastic security industry to proffer cryptography tips to the tragically determined black hats. ®
Source: Reinvented ransomware shifts from pwning PC to wrecking websites